Aggregates CVE and security vulnerability intelligence across all pragyan_cms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact data exposure and vendor impact file overwrite across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-14601 | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | [email protected] | 4.9 | 0.30% | 2017-09-19 | 2026-05-13 |
| CVE-2017-14600 | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | [email protected] | 4.9 | 0.30% | 2017-09-19 | 2026-05-13 |
| CVE-2015-4627 | SQL injection vulnerability in Pragyan CMS 3.0. | [email protected] | 9.8 | 0.25% | 2017-09-07 | 2026-05-13 |
| CVE-2015-1471 | SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. | [email protected] | 7.5 | 5.41% | 2015-02-12 | 2026-05-06 |
| CVE-2012-6500 | Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. | [email protected] | 5.0 | 12.79% | 2013-01-12 | 2026-04-29 |
| CVE-2009-1480 | SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. | [email protected] | 7.5 | 0.29% | 2009-04-29 | 2026-04-23 |