Every CVE whose affected-product data names Kliqqi Kliqqi Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2020-21119 — CVSS 9.8 (critical): SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to…
CVE-2020-21121 — CVSS 9.8 (critical): Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php…
CVE-2017-17902 — CVSS 9.8 (critical): SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.
CVE-2016-10756 — CVSS 8.8 (high): Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of…
CVE-2024-48700 — CVSS 7.2 (high): Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the…
CVE-2017-17889 — CVSS 5.4 (medium): Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags…