elitecms CVE Vulnerabilities & Metrics

Focus on elitecms vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About elitecms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with elitecms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total elitecms CVEs: 17
Earliest CVE date: 11 Sep 2008, 21:06 UTC
Latest CVE date: 11 Jan 2024, 03:15 UTC

Latest CVE reference: CVE-2022-40361

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical elitecms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.44

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	3
7.0-8.9	13
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS elitecms CVEs

These are the five CVEs with the highest CVSS scores for elitecms, sorted by severity first and recency.

CVE-2022-30816 elitecms Published on 02 Jun 2022, 14:15 UTC (CVSS: 7.5)
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
CVE-2022-30815 elitecms Published on 02 Jun 2022, 14:15 UTC (CVSS: 7.5)
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
CVE-2022-30814 elitecms Published on 02 Jun 2022, 14:15 UTC (CVSS: 7.5)
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
CVE-2022-30813 elitecms Published on 02 Jun 2022, 14:15 UTC (CVSS: 7.5)
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.
CVE-2022-30810 elitecms Published on 02 Jun 2022, 14:15 UTC (CVSS: 7.5)
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

All CVEs for elitecms

CVE-2022-40361 elitecms vulnerability CVSS: 0 11 Jan 2024, 03:15 UTC

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.

CVE-2023-42331 elitecms vulnerability CVSS: 0 20 Sep 2023, 20:15 UTC

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.

CVE-2022-30816 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

CVE-2022-30815 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=

CVE-2022-30814 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

CVE-2022-30813 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

CVE-2022-30810 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

CVE-2022-30809 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.

CVE-2022-30808 elitecms vulnerability CVSS: 7.5 02 Jun 2022, 14:15 UTC

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.

CVE-2022-30804 elitecms vulnerability CVSS: 5.5 02 Jun 2022, 14:15 UTC

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.

CVE-2022-24222 elitecms vulnerability CVSS: 7.5 01 Feb 2022, 19:15 UTC

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.

CVE-2022-24221 elitecms vulnerability CVSS: 7.5 01 Feb 2022, 19:15 UTC

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.

CVE-2022-24220 elitecms vulnerability CVSS: 7.5 01 Feb 2022, 19:15 UTC

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.

CVE-2022-24219 elitecms vulnerability CVSS: 7.5 01 Feb 2022, 19:15 UTC

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.

CVE-2022-24218 elitecms vulnerability CVSS: 6.4 01 Feb 2022, 19:15 UTC

An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.

CVE-2021-46093 elitecms vulnerability CVSS: 7.5 01 Feb 2022, 19:15 UTC

eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.

CVE-2018-12250 elitecms vulnerability CVSS: 6.5 03 Jul 2019, 17:15 UTC

An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.

CVE-2008-4046 elitecms vulnerability CVSS: 7.5 11 Sep 2008, 21:06 UTC

SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.