Aggregates CVE and security vulnerability intelligence across all engineercms_project-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve SQL injection, cross-site scripting, and related problems; some flaws may lead to session compromise.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-44831 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. | [email protected] | 9.8 | 0.35% | 2025-05-13 | 2025-06-16 |
| CVE-2025-44830 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. | [email protected] | 9.8 | 0.39% | 2025-05-12 | 2025-06-13 |
| CVE-2021-36605 | engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser. | [email protected] | 5.4 | 0.59% | 2021-07-30 | 2024-11-21 |