Every CVE whose affected-product data names Plume-cms Plume Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2006-4533 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via…
CVE-2006-3562 — CVSS 7.5 (high): PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the…
CVE-2006-7021 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary…
CVE-2006-2645 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code…
CVE-2012-1414 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the…
CVE-2006-0725 — CVSS 6.8 (medium): PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to…
CVE-2009-3418 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m…
CVE-2012-2156 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2008-1048 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or…
CVE-2011-3985 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via…