[
  {
    "name": "WebsiteBaker",
    "url": "https://websitebaker.org/",
    "safe": "2.11.0",
    "vuln": "CVE-2017-16514",
    "detection": [
      {
        "file": "version.php",
        "variable": "VERSION",
        "subdir": 3,
        "extra_match": "Website Baker Project"
      },
      {
        "file": "version.php",
        "variable": "VERSION",
        "subdir": 2,
        "extra_match": "isteam"
      }
    ]
  },
  {
    "name": "toendaCMS",
    "url": "http://www.toendacms.com/",
    "safe": "",
    "vuln": "CVE-2007-1872",
    "detection": [
      {
        "file": "tcms_version.xml",
        "variable": "release",
        "subdir": 2
      }
    ]
  },
  {
    "name": "Drupal",
    "url": "https://www.drupal.org/",
    "safe": "9.0.6",
    "old_safe": "8.9.6,8.8.10,7.73",
    "vuln": "CVE-2020-13666",
    "latest": "9.0.6",
    "detection": [
      {
        "file": "system.module",
        "variable": "define('VERSION'",
        "subdir": 2,
        "note": "6.x and older"
      },
      {
        "file": "bootstrap.inc",
        "variable": "define('VERSION'",
        "subdir": 1,
        "note": "7.x"
      },
      {
        "file": "Drupal.php",
        "variable": "const VERSION",
        "subdir": 2,
        "note": "8.x"
      }
    ]
  },
  {
    "name": "PHPNuke",
    "url": "https://www.phpnuke.org/",
    "safe": "8.1",
    "vuln": "CVE-2007-1519",
    "note": "I'm not really sure about that, but 8.0 is at least vulnerable, pre 8.0 aren't easily detectable",
    "detection": [
      {
        "file": "version.php",
        "variable": "$version_number",
        "subdir": 2,
        "extra_match": "PHP-Nuke $version_number"
      }
    ]
  },
  {
    "name": "TYPO3",
    "url": "https://typo3.org/",
    "safe": "10.4.2",
    "old_safe": "9.5.17",
    "vuln": "CVE-2020-11069",
    "detection": [
      {
        "file": "config_default.php",
        "variable": "$TYPO_VERSION",
        "subdir": 1,
        "note": "4.x and older"
      },
      {
        "file": "SystemEnvironmentBuilder.php",
        "extra_nomatch": "TYPO3\\CMS\\Core\\Utility\\PathUtility",
        "variable": "define('TYPO3_version",
        "subdir": 4,
        "note": "6.x to 8.x"
      },
      {
        "file": "Typo3Version.php",
        "variable": "VERSION =",
        "subdir": 4,
        "note": "9.x and newer"
      }
    ]
  },
  {
    "name": "Joomla",
    "url": "https://www.joomla.org/",
    "safe": "3.9.20",
    "vuln": "CVE-2020-15698",
    "detection": [
      {
        "file": "CHANGELOG.php",
        "variable": "---------------",
        "subdir": 0,
        "extra_match": "Joomla! is free software.",
        "note": "1.5 and older"
      },
      {
        "file": "joomla.xml",
        "variable": "<version>",
        "subdir": 3,
        "extra_match": "FILES_JOOMLA_XML_DESCRIPTION",
        "path_match": "administrator/manifests/files"
      }
    ]
  },
  {
    "name": "Mambo",
    "url": "http://www.source.mambo-foundation.org/",
    "safe": "",
    "vuln": "CVE-2008-2905",
    "detection": [
      {
        "file": "version.php",
        "variable": "var $RELEASE,var $DEV_LEVEL",
        "subdir": 1,
        "extra_match": "@package Mambo"
      }
    ]
  },
  {
    "name": "w-Agora",
    "url": "http://www.w-agora.net/",
    "safe": "",
    "vuln": "CVE-2007-0607",
    "latest": "4.2.1",
    "detection": [
      {
        "file": "misc_func.php",
        "variable": "$v =",
        "subdir": 1,
        "extra_match": "w-agora version $v"
      }
    ]
  },
  {
    "name": "MODX",
    "url": "https://modx.com/",
    "safe": "2.7.1",
    "latest": "2.7.2",
    "vuln": "CVE-2018-17556",
    "detection": [
      {
        "file": "version.inc.php",
        "variable": "$version",
        "subdir": 2,
        "extra_match": "$full_appname = 'MODx'",
        "note": "0.x"
      },
      {
        "file": "version.inc.php",
        "variable": "$modx_version",
        "subdir": 2,
        "note": "1.x"
      },
      {
        "file": "changelog.txt",
        "variable": "MODX Revolution",
        "subdir": 2,
        "extra_match": "MODX"
      }
    ]
  },
  {
    "name": "PostNuke",
    "url": "http://www.postnuke.com",
    "safe": "",
    "vuln": "CVE-2007-0385",
    "latest": "0.764",
    "detection": [
      {
        "file": "global.php",
        "variable": "_MESSAGE_00_a",
        "subdir": 2,
        "extra_match": "http://www.pn-cms.de"
      }
    ]
  },
  {
    "name": "Contenido",
    "url": "https://www.contenido.org/",
    "safe": "4.9.12",
    "vuln": "https://devwerks.net/advisories/DW-2016-008_CONTENIDO_XSS.txt",
    "latest": "4.10.1",
    "detection": [
      {
        "file": "config.misc.php",
        "variable": "$cfg['version']",
        "subdir": 1,
        "extra_match": "Contenido Misc Configurations"
      },
      {
        "file": "startup.php",
        "variable": "CON_VERSION",
        "subdir": 1
      }
    ]
  },
  {
    "name": "SilverStripe",
    "url": "https://www.silverstripe.com",
    "safe": "2.4.7",
    "vuln": "CVE-2012-0976",
    "detection": [
      {
        "file": "silverstripe_version",
        "variable": "/open/modules/cms/",
        "subdir": 1,
        "extra_match": "/open/modules/cms/"
      }
    ]
  },
  {
    "name": "CMSMadeSimple",
    "url": "https://www.cmsmadesimple.org/",
    "safe": "2.2.12",
    "vuln": "CVE-2019-17226",
    "detection": [
      {
        "file": "version.php",
        "variable": "$CMS_VERSION",
        "subdir": 0
      }
    ]
  },
  {
    "name": "e107",
    "url": "https://e107.org/",
    "safe": "1.0.0",
    "vuln": "CVE-2011-4920",
    "detection": [
      {
        "file": "ver.php",
        "variable": "$e107info['e107_version']",
        "subdir": 0
      }
    ]
  },
  {
    "name": "SPIP",
    "url": "https://www.spip.net/",
    "safe": "3.2.5",
    "old_safe": "3.1.11",
    "vuln": "CVE-2019-16392",
    "detection": [
      {
        "file": "inc_version.php",
        "variable": "$spip_version_branche",
        "subdir": 1
      }
    ]
  },
  {
    "name": "contao",
    "url": "https://contao.org/",
    "safe": "4.7.5",
    "old_safe": "4.4.39",
    "vuln": "CVE-2019-11512",
    "detection": [
      {
        "file": "CHANGELOG.txt",
        "variable": "Version",
        "subdir": 0,
        "extra_match": "Contao Open Source CMS Changelog",
        "note": "very old versions"
      },
      {
        "file": "CHANGELOG.md",
        "variable": "Version",
        "subdir": 0,
        "extra_match": "Contao Open Source CMS"
      }
    ]
  },
  {
    "name": "redaxo",
    "url": "https://redaxo.org/",
    "safe": "4.5",
    "vuln": "CVE-2012-3869",
    "latest": "4.5",
    "detection": [
      {
        "file": "en_gb.lang",
        "variable": "setup_037",
        "subdir": 3
      }
    ]
  },
  {
    "name": "textpattern",
    "url": "https://textpattern.com/",
    "safe": "4.7.0",
    "vuln": "CVE-2018-7474",
    "latest": "4.7.3",
    "detection": [
      {
        "file": "index.php",
        "variable": "$thisversion",
        "subdir": 1
      }
    ]
  },
  {
    "name": "bolt",
    "url": "https://bolt.cm/",
    "safe": "3.5.3",
    "vuln": "https://github.com/bolt/bolt/blob/v3.5.4/changelog.md#bolt-353",
    "latest": "3.5.3",
    "detection": [
      {
        "file": "Version.php",
        "variable": "const VERSION",
        "subdir": 4,
        "extra_match": "Bolt's"
      }
    ]
  }
]