anchorcms CVE Vulnerabilities & Metrics

Focus on anchorcms vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About anchorcms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with anchorcms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total anchorcms CVEs: 9
Earliest CVE date: 02 Dec 2014, 18:59 UTC
Latest CVE date: 24 Jun 2024, 19:15 UTC

Latest CVE reference: CVE-2024-37732

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 4.27

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 4
4.0-6.9 5
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS anchorcms CVEs

These are the five CVEs with the highest CVSS scores for anchorcms, sorted by severity first, then by recency.

All CVEs for anchorcms

CVE-2024-37732 anchorcms vulnerability CVSS: 0 24 Jun 2024, 19:15 UTC

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.

CVE-2022-25576 anchorcms vulnerability CVSS: 3.5 24 Mar 2022, 23:15 UTC

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.

CVE-2021-46253 anchorcms vulnerability CVSS: 3.5 01 Feb 2022, 13:15 UTC

A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.

CVE-2021-44116 anchorcms vulnerability CVSS: 4.3 15 Dec 2021, 22:15 UTC

Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

CVE-2020-23342 anchorcms vulnerability CVSS: 6.8 19 Jan 2021, 14:15 UTC

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

CVE-2020-12071 anchorcms vulnerability CVSS: 3.5 23 Apr 2020, 02:15 UTC

Anchor 0.12.7 allows admins to cause XSS via crafted post content.

CVE-2018-7251 anchorcms vulnerability CVSS: 5.0 19 Feb 2018, 22:29 UTC

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

CVE-2015-5060 anchorcms vulnerability CVSS: 4.3 07 Sep 2017, 20:29 UTC

Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.

CVE-2015-5687 anchorcms vulnerability CVSS: 7.5 05 Oct 2015, 14:59 UTC

system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.

CVE-2014-9182 anchorcms vulnerability CVSS: 4.3 02 Dec 2014, 18:59 UTC

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.