
CVE-2020-25042: Mara CMS

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
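For defenders reviewing a Mara CMS 7.5 host, the request named above can be searched for in web server access logs. The following is an added example, not code from the advisory or from the Mara project; it assumes Combined Log Format, and the sample log lines, IP addresses and the `type=list` value are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: client, ident, user, [timestamp], "request line", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_filenew_request(target):
    """True if the request target is codebase/dir.php with type=filenew."""
    parts = urlsplit(target)
    # Decode percent-escapes, ignore case, collapse duplicate slashes so
    # variants such as //codebase///dir.php or %64ir.php still match.
    path = re.sub(r"/+", "/", unquote(parts.path).lower())
    if not path.endswith("/codebase/dir.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes values
    return any(v.lower() == "filenew" for v in params.get("type", []))

def find_filenew_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for matches."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_filenew_request(m.group("target")):
            hits[m.group("ip")].append(
                (m.group("ts"), m.group("method"), int(m.group("status"))))
    return dict(hits)

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2020:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Sep/2020:10:02:13 +0000] "POST /codebase/dir.php?type=filenew HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Sep/2020:10:05:40 +0000] "GET /codebase/dir.php?type=list HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Sep/2020:10:07:02 +0000] "POST /cms//codebase/dir.php?x=1&type=FileNew HTTP/1.1" 200 64 "-" "curl/7.68"',
]

if __name__ == "__main__":
    for ip, events in find_filenew_hits(SAMPLE_LOG).items():
        for ts, method, status in events:
            print(f"{ip} {ts} {method} status={status}")
```

Because the request requires an authenticated admin/manager session, each hit should be compared against known administrator activity and followed by a review of recent changes to codebase/handler.php.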


Mara CMS is a file-based content management system.

Mara offers the kind of helpful features you would expect to find in the big commercial products, but in a more concise form. This makes it remarkably easy to use, even for the inexperienced content creator.

Features include direct editing of the actual webpage so you see your changes as you type, drag and drop photo and video content addition, easy YouTube video linking, a photo gallery that can also double as a presentation or lecture slideshow, a secure contact form, rollback of changes, plus much more.

For the experienced Web developer, Mara’s use of industry standard HTML5 and CSS3 instead of proprietary markup or database structures makes for a shallower learning curve. If you already understand the fundamentals of webpage creation you can get productive really quickly.

Open source, unrestricted, and free to use. Coders are welcome to contribute themes or plugins to the project.

Features

  • Drag and drop of most content types
  • True WYSIWYG editor
  • Ideal for modern responsive layouts
  • -or for more traditional styles
  • Cascading top or side menus
  • Galleries, image zoom and slideshows
  • Contact form with robot protection
  • See your text as it will look, right as you type
  • Versioning and edit rollback
  • Custom themes no problem, and no rocket science
  • HTML5 (webm) and YouTube video embedding
  • You have a copy of the files? OK, you have a backup. No worries.
  • NOT a ‘website builder’ - Instead, a proper website that’s easy to update
  • Suits the majority of Web hosting accounts.
  • A portable app, easy to migrate
  • HTTP or HTTPS, no problem and minimal changes.

License: Mozilla Public License 2.0 (MPL 2.0)


User Ratings

5.0 out of 5 stars


Additional Project Details

Languages: English

Intended Audience: Advanced End Users, System Administrators, Developers, End Users/Desktop

User Interface: Web-based

Programming Language: PHP, JavaScript, AutoIt

Database Environment: Flat-file

2015-10-12
