4967 | Craft CMS – Why case matters | Reflected XSS, Content injection | Craft CMS | Markus Krell (@MarkusKrell) | Bug Bounty | 2017-10-01 | 2023-06-13 |
4883 | Reflected XSS + Possible Server Side Template Injection in HubSpot CMS ( All Websites Uses HubSpot was affected ) | Reflected XSS | HubSpot | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-01-24 | 2023-06-13 |
4676 | Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716] | SSTI | SEOmatic CMS plugin | Sebastian (ha.cker.info) | Bug Bounty | 2018-07-24 | 2023-06-13 |
4389 | How I Takeover Wordpress Admin fiiipay.my | Account takeover, CMS default files | FiiiPay | Syahrul Akbar Rohmani (@sahruldotid) | Bug Bounty | 2018-12-28 | 2023-06-13 |
3574 | Limited freemarker ssti to arbitrary liql query and manage lithium cms | SSTI | NA | Mert (@mertistaken) | Bug Bounty | 2020-03-30 | 2023-06-13 |
3362 | Bypassing file upload filter by source code review in Bolt CMS | RCE, Unrestricted file upload, Path traversal, Security code review | Bolt CMS | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2020-06-27 | 2023-06-13 |
2998 | WonderCMS 3.1.3 - Authenticated RCE & Blind SSRF Vulnerability | Blind SSRF, RCE | WonderCMS | Mas Zet (@zetc0de) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2102 | Multiple Concrete CMS Vulnerabilities ( Part1 – RCE ) | RCE, Race condition | Concrete CMS | FORTBRIDGE (@FORTBRIDGE1) | Bug Bounty | 2021-11-05 | 2023-06-13 |
2052 | Multiple Vulnerabilities In Concrete CMS – Part2 (PrivEsc/SSRF/etc) | Privilege escalation, SSRF | Concrete CMS | FORTBRIDGE (@FORTBRIDGE1) | Bug Bounty | 2021-11-25 | 2023-06-13 |
1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
1517 | DNN CMS Server-Side Request Forgery (CVE-2021-40186) | SSRF, Security code review | DNN (DotNetNuke) | Appcheck NG | Bug Bounty | 2022-05-26 | 2023-06-13 |
1023 | Exploits Explained: 5 Unusual Authentication Bypass Techniques | Authentication bypass, JWT, CMS, SSO | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2022-09-28 | 2023-06-13 |
345 | Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002) | Authentication bypass, Security code review, ColdFusion | Mura CMS, Masa CMS | Brian (@hoyahaxa) | Bug Bounty | 2023-03-06 | 2023-06-13 |
282 | SSTI leads to RCE on PyroCMS | SSTI, RCE | PyroCMS | cupc4k3 | Bug Bounty | 2023-03-20 | 2023-06-13 |
110 | A deep-dive on Pluck CMS vulnerability CVE-2023-25828 | Unrestricted file upload, RCE, Security code review | Pluck CMS | Matthew Hogg | Bug Bounty | 2023-05-08 | 2023-06-13 |