freewvsdb/cms.freewvs
cb10b7f6
 [WebsiteBaker]
 url=http://www.websitebaker.org/
03a4b336
 safe=2.8.4
 vuln=CVE-2015-0553
cb10b7f6
 file=version.php
 variable=VERSION
 extra_match=Website Baker Project
 subdir=3
 
336427c0
 [WebsiteBaker28]
 url=http://www.websitebaker.org/
03a4b336
 safe=2.8.4
 vuln=CVE-2015-0553
336427c0
 file=info.php
 variable=$template_platform
 extra_match=wb_theme
 subdir=3
 
cb10b7f6
 [toendaCMS]
 url=http://www.toendacms.com/
 safe=
 vuln=CVE-2007-1872
 file=tcms_version.xml
 variable=release
 subdir=2
 
379d048e
 [Drupal6]
cb10b7f6
 url=http://www.drupal.org/
1c56dc01
 safe=7.59
 latest=7.59
 vuln=CVE-2018-7602
cb10b7f6
 file=system.module
 variable=define('VERSION'
75b62a2d
 subdir=2
cb10b7f6
 
abe84047
 [Drupal7]
 url=http://www.drupal.org/
1c56dc01
 safe=7.59
 latest=7.59
 vuln=CVE-2018-7602
abe84047
 file=bootstrap.inc
 variable=define('VERSION'
b6a91db3
 subdir=1
abe84047
 
13c0da43
 [Drupal8]
 url=http://www.drupal.org/
7fca03d1
 safe=8.5.6
 latest=8.5.6
 vuln=CVE-2018-14773
13c0da43
 file=Drupal.php
 variable=const VERSION
 subdir=2
 
cb10b7f6
 [PHPNuke]
 url=http://phpnuke.org/
 # I'm not really sure about that, but 8.0 is at least vulnerable
 # Versions pre 8.0 aren't easily detectable
 safe=8.1
 vuln=CVE-2007-1519
 file=version.php
 variable=$version_number
 extra_match=PHP-Nuke $version_number
 subdir=2
 
 [Typo3]
 url=http://typo3.org/
47d7b9ff
 safe=8.1.1
 old_safe=7.6.10,7.6.9,7.6.8,6.2.26,6.2.25,6.2.24
 vuln=https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
cb10b7f6
 file=config_default.php
 variable=$TYPO_VERSION
 subdir=1
 
2ca323a5
 [typo3-6]
 url=http://typo3.org/
9610c7b4
 safe=7.0.2
 old_safe=6.2.9,4.5.39
ee78085f
 vuln=https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
2ca323a5
 file=SystemEnvironmentBuilder.php
 variable=define('TYPO3_version
 subdir=4
 
42c98c11
 [Joomla-1]
cb10b7f6
 url=http://www.joomla.org/
0749fd85
 safe=3.8.12
 vuln=CVE-2018-15880
cb10b7f6
 file=version.php
 variable=var $RELEASE,var $DEV_LEVEL
 extra_match=@package Joomla
 subdir=1
 
cae57068
 # 1.5 has changed identification
42c98c11
 [Joomla-1_5]
cae57068
 url=http://www.joomla.org/
0749fd85
 safe=3.8.12
 vuln=CVE-2018-15880
cae57068
 file=version.php
 variable=var $RELEASE,var $DEV_LEVEL
 extra_match=@package	Joomla.Framework
f32dcdca
 subdir=2
cae57068
 
de00aaa4
 [Joomla-3]
747a8199
 url=http://www.joomla.org/
0749fd85
 safe=3.8.12
 vuln=CVE-2018-15880
747a8199
 file=joomla.xml
 variable=<version>
 #extra_match=@package	Joomla.Framework
 extra_match=<name>files_joomla</name>
 subdir=0
 
cb10b7f6
 [Mambo]
 url=http://www.source.mambo-foundation.org/
1b5640a7
 safe=
366a18bd
 vuln=CVE-2008-2905
cb10b7f6
 file=version.php
 variable=var $RELEASE,var $DEV_LEVEL
 extra_match=@package Mambo
 subdir=1
 
7a512c6f
 [w-Agora]
cb10b7f6
 url=http://www.w-agora.net/
baad0d1c
 # last release 4.2.1 in 2006-07-12
cb10b7f6
 safe=
 vuln=CVE-2007-0607
 file=misc_func.php
 variable=$v =
 subdir=1
 extra_match=w-agora version $v
 
 [MODx]
 url=http://www.modxcms.com/
59d193a7
 safe=1.0.15
 vuln=http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection
cb10b7f6
 file=version.inc.php
 variable=$version
 subdir=2
 extra_match=$full_appname = 'MODx'
cd3b01ea
 
a06866b7
 [MODX-1.x]
 url=http://www.modxcms.com/
61ce2b5e
 safe=1.0.15
 vuln=http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection
a06866b7
 file=version.inc.php
 variable=$modx_version
 subdir=2
 
 [MODX-2.x]
 url=http://www.modxcms.com/
49a08ad7
 safe=2.2.11
59d193a7
 vuln=http://modx.com/blog/2014/07/15/revolution-2.2.15/
a06866b7
 file=changelog.txt
 variable=MODX Revolution
 subdir=2
 extra_match=MODX
 
cd3b01ea
 [PostNuke]
 # This one is a hell to detect, not sure for how many versions this works
 url=http://www.postnuke.com
6027f367
 # 0.764 last stable in 2006-11-20, 0.8.0.0 rcs available
cd3b01ea
 safe=
 vuln=CVE-2007-0385
 file=global.php
 variable=_MESSAGE_00_a
 subdir=2
 extra_match=http://www.pn-cms.de
0fe5676e
 
 [Contenido]
 url=http://www.contenido.org/
b0f19c8a
 safe=4.8.15
 latest=4.8.15
 vuln=http://www.contenido.org/de/front_content.php?idcat=107&idart=1789&client=6&lang=3
0fe5676e
 file=config.misc.php
 variable=$cfg['version']
 subdir=1
 extra_match=Contenido Misc Configurations
216c4565
 
 [SilverStripe]
 url=http://www.silverstripe.com
1a364482
 safe=2.4.7
 vuln=CVE-2012-0976
216c4565
 file=silverstripe_version
431ed35a
 variable=/open/modules/cms/
 subdir=1
 extra_match=/open/modules/cms/
f5a7f023
 
d23a013b
 [CMSMadeSimple]
f5a7f023
 url=http://www.cmsmadesimple.org/
88c08dd8
 safe=1.11.13
 vuln=http://www.cmsmadesimple.org/2015/02/Announcing-CMS-Made-Simple-1-11-13-Security-Release/
f5a7f023
 file=version.php
 variable=$CMS_VERSION
 subdir=0
174d55d3
 
 [e107]
 url=http://e107.org/
892ff2b7
 safe=1.0.0
d5b34cd8
 vuln=CVE-2011-4920
174d55d3
 file=ver.php
 variable=$e107info['e107_version']
 subdir=0
bae4aac3
 
 [SPIP]
 url=http://www.spip.net/
07e29d94
 safe=2.1.13
 old_safe=2.0.18
 vuln=http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
bae4aac3
 file=inc_version.php
 variable=$spip_version_branche
 subdir=1
053d4668
 
 [contao]
 url=http://contao.org/
a2fb35f6
 safe=3.2.5
 old_safe=2.11.14
 vuln=CVE-2014-1860
 latest=3.2.5
053d4668
 file=CHANGELOG.md
 variable=Version
a2fb35f6
 extra_match=Contao Open Source CMS
053d4668
 subdir=0
 
 [contao-old]
 url=http://contao.org/
a2fb35f6
 safe=3.2.5
 old_safe=2.11.14
 vuln=CVE-2014-1860
 latest=3.2.5
053d4668
 file=CHANGELOG.txt
 variable=Version
 extra_match=Contao Open Source CMS Changelog
 subdir=0
4f8e40aa
 
 [redaxo]
 url=http://www.redaxo.org/
 safe=4.5
 vuln=CVE-2012-3869
 latest=4.5
 file=en_gb.lang
 variable=setup_037
 subdir=3
2c328368
 
 [textpattern]
 url=https://textpattern.com/
 safe=4.5.7
 vuln=CVE-2014-4737
 latest=4.6.2
 file=index.php
 subdir=1
 variable=$thisversion
36ece2c0
 
 [bolt]
 url=https://bolt.cm/
 safe=3.5.3
 latest=3.5.3
 file=Version.php
 variable=const VERSION
 vuln=https://github.com/bolt/bolt/blob/v3.5.4/changelog.md#bolt-353
 extra_match=Bolt's
 subdir=4