Vulnerabilities in ci4-cms-erp

33 results
CVE-2026-25510 (CRITICAL, EPSS 0.8%): CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
CVE-2026-41202 (CRITICAL, EPSS 0.5%): ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE
CVE-2026-39394 (HIGH, EPSS 0.5%): CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller
CVE-2026-34570 (HIGH, EPSS 0.5%): CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All-Roles via Improper Session Invalidation (Logic Flaw)
CVE-2026-34572 (HIGH, EPSS 0.5%): CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All-Roles via Improper Session Invalidation (Logic Flaw)
CVE-2026-41587 (HIGH, EPSS 0.5%): CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution
CVE-2026-41203 (CRITICAL, EPSS 0.5%): ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE
CVE-2026-39389 (MEDIUM, EPSS 0.5%): CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files
CVE-2026-35035 (HIGH, EPSS 0.5%): CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
CVE-2026-39393 (HIGH, EPSS 0.4%): Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms
CVE-2026-34571 (CRITICAL, EPSS 0.4%): CI4MS: Stored Cross-Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
CVE-2026-34560 (CRITICAL, EPSS 0.4%): CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-27599 (MEDIUM, EPSS 0.4%): CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-25509 (MEDIUM, EPSS 0.3%): CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CVE-2026-41890 (MEDIUM, EPSS 0.3%): CI4MS: Arbitrary Database Table Drop via Theme deleteProcess
CVE-2026-41201 (CRITICAL, EPSS 0.3%): CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2
CVE-2026-34569 (CRITICAL, EPSS 0.3%): CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-34559 (CRITICAL, EPSS 0.3%): CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-34568 (CRITICAL, EPSS 0.3%): CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-34558 (CRITICAL, EPSS 0.3%): CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS