📦 Pad Cms

CVE-2025-8120 is an unauthenticated remote code execution vulnerability in PAD CMS's photo upload functionality. An attacker can upload arbitrary files without restrictions and execute them, leading t...

CVE-2025-7063 is an unauthenticated remote code execution vulnerability in PAD CMS's file upload functionality. Attackers can upload arbitrary files without restrictions and execute them, leading to c...

This CVE describes a blind SQL injection vulnerability in article positioning functionality that allows authenticated users to execute arbitrary SQL queries. All three templates (www, bip, ww+bip) are...

CVE-2025-8117 is an authentication bypass vulnerability in PAD CMS where improper initialization of password recovery parameters allows attackers to reset passwords for any user who hasn't used the re...

PAD CMS has a CSRF vulnerability in its password reset functionality that allows attackers to change logged-in users' passwords without their consent. When victims visit a malicious website, it can au...

PAD CMS is vulnerable to reflected cross-site scripting (XSS) in printing and PDF save functionality. Attackers can craft malicious URLs that execute arbitrary JavaScript in victims' browsers when ope...