freewvsdb/cms.json
e1127d74
 [
   {
     "name": "WebsiteBaker",
     "url": "https://websitebaker.org/",
07013e56
     "safe": "2.11.0",
     "vuln": "CVE-2017-16514",
e1127d74
     "detection": [
       {
         "file": "version.php",
         "variable": "VERSION",
         "subdir": 3,
         "extra_match": "Website Baker Project"
07013e56
       },
e1127d74
       {
07013e56
         "file": "version.php",
         "variable": "VERSION",
         "subdir": 2,
         "extra_match": "isteam"
e1127d74
       }
     ]
   },
   {
     "name": "toendaCMS",
     "url": "http://www.toendacms.com/",
     "safe": "",
     "vuln": "CVE-2007-1872",
     "detection": [
       {
         "file": "tcms_version.xml",
         "variable": "release",
         "subdir": 2
       }
     ]
   },
   {
8ec7d79e
     "name": "Drupal",
e1127d74
     "url": "https://www.drupal.org/",
cabe1d6b
     "safe": "9.0.9",
5332b07b
     "old_safe": "8.9.11,8.8.12,7.77",
cabe1d6b
     "vuln": "CVE-2020-28948",
5332b07b
     "latest": "9.0.10",
e1127d74
     "detection": [
       {
         "file": "system.module",
         "variable": "define('VERSION'",
8ec7d79e
         "subdir": 2,
         "note": "6.x and older"
       },
e1127d74
       {
         "file": "bootstrap.inc",
         "variable": "define('VERSION'",
8ec7d79e
         "subdir": 1,
         "note": "7.x"
       },
e1127d74
       {
         "file": "Drupal.php",
         "variable": "const VERSION",
8ec7d79e
         "subdir": 2,
         "note": "8.x"
e1127d74
       }
     ]
   },
   {
     "name": "PHPNuke",
     "url": "https://www.phpnuke.org/",
     "safe": "8.1",
     "vuln": "CVE-2007-1519",
     "note": "I'm not really sure about that, but 8.0 is at least vulnerable, pre 8.0 aren't easily detectable",
     "detection": [
       {
         "file": "version.php",
         "variable": "$version_number",
         "subdir": 2,
         "extra_match": "PHP-Nuke $version_number"
       }
     ]
   },
   {
8ec7d79e
     "name": "TYPO3",
e1127d74
     "url": "https://typo3.org/",
c11f3503
     "safe": "10.4.2",
     "old_safe": "9.5.17",
     "vuln": "CVE-2020-11069",
e1127d74
     "detection": [
       {
         "file": "config_default.php",
         "variable": "$TYPO_VERSION",
8ec7d79e
         "subdir": 1,
         "note": "4.x and older"
       },
e1127d74
       {
         "file": "SystemEnvironmentBuilder.php",
1fa9aebe
         "extra_nomatch": "TYPO3\\CMS\\Core\\Utility\\PathUtility",
e1127d74
         "variable": "define('TYPO3_version",
1fa9aebe
         "subdir": 4,
         "note": "6.x to 8.x"
       },
       {
         "file": "Typo3Version.php",
         "variable": "VERSION =",
         "subdir": 4,
         "note": "9.x and newer"
e1127d74
       }
     ]
   },
   {
8ec7d79e
     "name": "Joomla",
e1127d74
     "url": "https://www.joomla.org/",
24b75277
     "safe": "3.9.23",
     "vuln": "https://developer.joomla.org/security-centre/834-20201107-core-write-acl-violation-in-multiple-core-views.html",
e1127d74
     "detection": [
       {
         "file": "CHANGELOG.php",
         "variable": "---------------",
         "subdir": 0,
8ec7d79e
         "extra_match": "Joomla! is free software.",
         "note": "1.5 and older"
       },
e1127d74
       {
         "file": "joomla.xml",
         "variable": "<version>",
         "subdir": 3,
         "extra_match": "FILES_JOOMLA_XML_DESCRIPTION",
         "path_match": "administrator/manifests/files"
       }
     ]
   },
   {
     "name": "Mambo",
     "url": "http://www.source.mambo-foundation.org/",
     "safe": "",
     "vuln": "CVE-2008-2905",
     "detection": [
       {
         "file": "version.php",
         "variable": "var $RELEASE,var $DEV_LEVEL",
         "subdir": 1,
         "extra_match": "@package Mambo"
       }
     ]
   },
   {
     "name": "w-Agora",
     "url": "http://www.w-agora.net/",
     "safe": "",
     "vuln": "CVE-2007-0607",
     "latest": "4.2.1",
     "detection": [
       {
         "file": "misc_func.php",
         "variable": "$v =",
         "subdir": 1,
         "extra_match": "w-agora version $v"
       }
     ]
   },
   {
3218aac0
     "name": "MODX",
e1127d74
     "url": "https://modx.com/",
3218aac0
     "safe": "2.7.1",
     "latest": "2.7.2",
     "vuln": "CVE-2018-17556",
e1127d74
     "detection": [
       {
         "file": "version.inc.php",
         "variable": "$version",
         "subdir": 2,
3218aac0
         "extra_match": "$full_appname = 'MODx'",
         "note": "0.x"
       },
e1127d74
       {
         "file": "version.inc.php",
         "variable": "$modx_version",
3218aac0
         "subdir": 2,
         "note": "1.x"
       },
e1127d74
       {
         "file": "changelog.txt",
         "variable": "MODX Revolution",
         "subdir": 2,
         "extra_match": "MODX"
       }
     ]
   },
   {
     "name": "PostNuke",
     "url": "http://www.postnuke.com",
     "safe": "",
     "vuln": "CVE-2007-0385",
     "latest": "0.764",
     "detection": [
       {
         "file": "global.php",
         "variable": "_MESSAGE_00_a",
         "subdir": 2,
         "extra_match": "http://www.pn-cms.de"
       }
     ]
   },
   {
     "name": "Contenido",
     "url": "https://www.contenido.org/",
6b04adb7
     "safe": "4.9.12",
     "vuln": "https://devwerks.net/advisories/DW-2016-008_CONTENIDO_XSS.txt",
     "latest": "4.10.1",
e1127d74
     "detection": [
       {
         "file": "config.misc.php",
         "variable": "$cfg['version']",
         "subdir": 1,
         "extra_match": "Contenido Misc Configurations"
6b04adb7
       },
       {
         "file": "startup.php",
         "variable": "CON_VERSION",
         "subdir": 1
e1127d74
       }
     ]
   },
   {
     "name": "SilverStripe",
     "url": "https://www.silverstripe.com",
     "safe": "2.4.7",
     "vuln": "CVE-2012-0976",
     "detection": [
       {
         "file": "silverstripe_version",
         "variable": "/open/modules/cms/",
         "subdir": 1,
         "extra_match": "/open/modules/cms/"
       }
     ]
   },
   {
     "name": "CMSMadeSimple",
     "url": "https://www.cmsmadesimple.org/",
6b04adb7
     "safe": "2.2.12",
     "vuln": "CVE-2019-17226",
e1127d74
     "detection": [
       {
         "file": "version.php",
         "variable": "$CMS_VERSION",
         "subdir": 0
       }
     ]
   },
   {
     "name": "e107",
     "url": "https://e107.org/",
     "safe": "1.0.0",
     "vuln": "CVE-2011-4920",
     "detection": [
       {
         "file": "ver.php",
         "variable": "$e107info['e107_version']",
         "subdir": 0
       }
     ]
   },
   {
     "name": "SPIP",
     "url": "https://www.spip.net/",
6b04adb7
     "safe": "3.2.5",
     "old_safe": "3.1.11",
     "vuln": "CVE-2019-16392",
e1127d74
     "detection": [
       {
         "file": "inc_version.php",
         "variable": "$spip_version_branche",
         "subdir": 1
       }
     ]
   },
   {
     "name": "contao",
     "url": "https://contao.org/",
be281588
     "safe": "4.7.5",
     "old_safe": "4.4.39",
     "vuln": "CVE-2019-11512",
e1127d74
     "detection": [
       {
be281588
         "file": "CHANGELOG.txt",
e1127d74
         "variable": "Version",
         "subdir": 0,
be281588
         "extra_match": "Contao Open Source CMS Changelog",
         "note": "very old versions"
       },
e1127d74
       {
be281588
         "file": "CHANGELOG.md",
e1127d74
         "variable": "Version",
         "subdir": 0,
be281588
         "extra_match": "Contao Open Source CMS"
e1127d74
       }
     ]
   },
   {
     "name": "redaxo",
     "url": "https://redaxo.org/",
     "safe": "4.5",
     "vuln": "CVE-2012-3869",
     "latest": "4.5",
     "detection": [
       {
         "file": "en_gb.lang",
         "variable": "setup_037",
         "subdir": 3
       }
     ]
   },
   {
     "name": "textpattern",
     "url": "https://textpattern.com/",
     "safe": "4.7.0",
     "vuln": "CVE-2018-7474",
     "latest": "4.7.3",
     "detection": [
       {
         "file": "index.php",
         "variable": "$thisversion",
         "subdir": 1
       }
     ]
   },
   {
     "name": "bolt",
     "url": "https://bolt.cm/",
     "safe": "3.5.3",
     "vuln": "https://github.com/bolt/bolt/blob/v3.5.4/changelog.md#bolt-353",
     "latest": "3.5.3",
     "detection": [
       {
         "file": "Version.php",
         "variable": "const VERSION",
         "subdir": 4,
         "extra_match": "Bolt's"
       }
     ]
   }
038282ef
 ]