MidnightBSD

Advisories for pragyan_cms_project

CVE-2012-6500 MEDIUM

Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
pragyan_cms_project pragyan_cms 2.5.4
pragyan_cms_project pragyan_cms *
pragyan_cms_project pragyan_cms 2.6.3
pragyan_cms_project pragyan_cms 2.5.12
pragyan_cms_project pragyan_cms 2.5.14
pragyan_cms_project pragyan_cms 2.5.13
pragyan_cms_project pragyan_cms 2.6.1
pragyan_cms_project pragyan_cms 2.5.9
pragyan_cms_project pragyan_cms 2.6.2
pragyan_cms_project pragyan_cms 2.6.4
CVE-2015-1471 HIGH

SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
pragyan_cms_project pragyan_cms 3.0
CVE-2015-4627 HIGH

SQL injection vulnerability in Pragyan CMS 3.0.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
pragyan_cms_project pragyan_cms 3.0
CVE-2017-14600 MEDIUM

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
pragyan_cms_project pragyan_cms 3.0
CVE-2017-14601 MEDIUM

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
pragyan_cms_project pragyan_cms 3.0