CVE-2022-25487 — CVSS 9.8 (critical): Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.
CVE-2022-25488 — CVSS 9.8 (critical): Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
CVE-2023-53975 — CVSS 7.5 (high): Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through…
CVE-2014-4852 — CVSS 7.5 (high): SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary…
CVE-2022-25489 — CVSS 5.4 (medium): Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.