This page lists publicly disclosed CVE vulnerabilities affecting autocms_project autocms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-8866 | A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.60% | 2024-09-14 | 2026-06-17 |
| CVE-2024-44725 | AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. | [email protected] | 7.2 | 0.46% | 2024-09-09 | 2026-06-17 |
| CVE-2024-44724 | AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value. | [email protected] | 7.2 | 0.55% | 2024-09-09 | 2026-06-17 |