ci4-cms-erp/ci4ms Security Advisories for 0.31.4.0 (9)
[HIGH] CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule
PKSA-cfx9-7tcq-n157 CVE-2026-45270 GHSA-gqr2-7hcg-rchf
Affected version: <=0.31.8.0
Reported by:
GitHub

[MEDIUM] CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
PKSA-x2rt-sj8n-h21z CVE-2026-45139 GHSA-245j-xjvr-xvm5
Affected version: <=0.31.8.0
Reported by:
GitHub

[MEDIUM] CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
PKSA-7xbg-9dns-gxm5 CVE-2026-45138 GHSA-2m69-jmvh-6chr
Affected version: <=0.31.8.0
Reported by:
GitHub

[MEDIUM] CI4MS has a Deactivated User Session Bypass (active=0)
PKSA-cf98-gsv6-bv96 CVE-2026-41891 GHSA-5hfv-c864-qcq9
Affected version: >=0.26.0,<=0.31.7.0
Reported by:
GitHub

[MEDIUM] CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess
PKSA-kq1j-n47j-c2p7 CVE-2026-41890 GHSA-vgrf-pr28-vf98
Affected version: >=0.31.1.0,<=0.31.7.0
Reported by:
GitHub

[HIGH] CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
PKSA-gg2g-kjmj-cghy CVE-2026-41587 GHSA-fw49-9xq4-gmx6
Affected version: >=0.26.0.0,<=0.31.6.0
Reported by:
GitHub

[CRITICAL] CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
PKSA-tyjg-jzs3-mzjt CVE-2026-41203 GHSA-xv3r-vr59-95rg
Affected version: <0.31.5.0
Reported by:
GitHub

[CRITICAL] CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
PKSA-2xsc-43zp-v4cr CVE-2026-41202 GHSA-xp9f-pvvc-57p4
Affected version: <0.31.5.0
Reported by:
GitHub

[MEDIUM] CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
PKSA-219p-5b8k-2v2r CVE-2026-41201 GHSA-qxpq-82f3-xj47
Affected version: <0.31.5.0
Reported by:
GitHub