GCVE - cpe:2.3:a:ametys:ametys:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ametys:ametys:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ametys (`659b6fe0-7e37-510e-86d5-fa44bd998ea9`)
Product	Ametys (`eb598956-ea68-5d28-950d-b739fa29a591`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:sourceforge/ametys`	purl2cpe	2026-06-01 10:15:35.928879

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-30614`	vulnerable	2026-06-08 06:35:30.612948	Details available An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. Published: 2024-04-12T00:00:00.000Z Updated: 2025-03-27T20:09:35.782Z Open on db.gcve.eu Reference links https://github.com/Lucky-lm/CVE-2024-30614/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26159`	vulnerable	2026-06-08 05:41:50.710713	Details available The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. Published: 2022-02-28T03:53:46.000Z Updated: 2024-08-03T04:56:37.889Z Open on db.gcve.eu Reference links https://issues.ametys.org/browse/CMS-10973 https://podalirius.net/en/cves/2022-26159/ https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16935`	vulnerable	2026-06-08 05:09:07.599897	Details available Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request. Published: 2017-11-24T07:00:00.000Z Updated: 2024-08-05T20:43:57.812Z Open on db.gcve.eu Reference links https://blogs.securiteam.com/index.php/archives/3517 https://issues.ametys.org/browse/RUNTIME-2582	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.