[WebsiteBaker]
url=http://www.websitebaker.org/
safe=2.8.4
vuln=CVE-2015-0553
file=version.php
variable=VERSION
extra_match=Website Baker Project
subdir=3

[WebsiteBaker28]
url=http://www.websitebaker.org/
safe=2.8.4
vuln=CVE-2015-0553
file=info.php
variable=$template_platform
extra_match=wb_theme
subdir=3

[toendaCMS]
url=http://www.toendacms.com/
safe=
vuln=CVE-2007-1872
file=tcms_version.xml
variable=release
subdir=2

[Drupal6]
url=http://www.drupal.org/
safe=7.56
latest=7.56
vuln=CVE-2017-6921
file=system.module
variable=define('VERSION'
subdir=2

[Drupal7]
url=http://www.drupal.org/
safe=7.56
latest=7.56
vuln=CVE-2017-6921
file=bootstrap.inc
variable=define('VERSION'
subdir=1

[Drupal8]
url=http://www.drupal.org/
safe=8.3.4
latest=8.3.4
vuln=CVE-2017-6921
file=Drupal.php
variable=const VERSION
subdir=2

[PHPNuke]
url=http://phpnuke.org/
# I'm not really sure about that, but 8.0 is at least vulnerable
# Versions pre 8.0 aren't easily detectable
safe=8.1
vuln=CVE-2007-1519
file=version.php
variable=$version_number
extra_match=PHP-Nuke $version_number
subdir=2

[Typo3]
url=http://typo3.org/
safe=8.1.1
old_safe=7.6.10,7.6.9,7.6.8,6.2.26,6.2.25,6.2.24
vuln=https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
file=config_default.php
variable=$TYPO_VERSION
subdir=1

[typo3-6]
url=http://typo3.org/
safe=7.0.2
old_safe=6.2.9,4.5.39
vuln=https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
file=SystemEnvironmentBuilder.php
variable=define('TYPO3_version
subdir=4

[Joomla-1]
url=http://www.joomla.org/
safe=3.8.2
vuln=CVE-2017-16634
file=version.php
variable=var $RELEASE,var $DEV_LEVEL
extra_match=@package Joomla
subdir=1

# 1.5 has changed identification
[Joomla-1_5]
url=http://www.joomla.org/
safe=3.8.2
vuln=CVE-2017-16634
file=version.php
variable=var $RELEASE,var $DEV_LEVEL
extra_match=@package	Joomla.Framework
subdir=2

[Joomla-3]
url=http://www.joomla.org/
safe=3.8.2
vuln=CVE-2017-16634
file=joomla.xml
variable=<version>
#extra_match=@package	Joomla.Framework
extra_match=<name>files_joomla</name>
subdir=0

[Mambo]
url=http://www.source.mambo-foundation.org/
safe=
vuln=CVE-2008-2905
file=version.php
variable=var $RELEASE,var $DEV_LEVEL
extra_match=@package Mambo
subdir=1

[w-Agora]
url=http://www.w-agora.net/
# last release 4.2.1 in 2006-07-12
safe=
vuln=CVE-2007-0607
file=misc_func.php
variable=$v =
subdir=1
extra_match=w-agora version $v

[MODx]
url=http://www.modxcms.com/
safe=1.0.15
vuln=http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection
file=version.inc.php
variable=$version
subdir=2
extra_match=$full_appname = 'MODx'

[MODX-1.x]
url=http://www.modxcms.com/
safe=1.0.15
vuln=http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection
file=version.inc.php
variable=$modx_version
subdir=2

[MODX-2.x]
url=http://www.modxcms.com/
safe=2.2.11
vuln=http://modx.com/blog/2014/07/15/revolution-2.2.15/
file=changelog.txt
variable=MODX Revolution
subdir=2
extra_match=MODX

[PostNuke]
# This one is a hell to detect, not sure for how many versions this works
url=http://www.postnuke.com
# 0.764 last stable in 2006-11-20, 0.8.0.0 rcs available
safe=
vuln=CVE-2007-0385
file=global.php
variable=_MESSAGE_00_a
subdir=2
extra_match=http://www.pn-cms.de

[Contenido]
url=http://www.contenido.org/
safe=4.8.15
latest=4.8.15
vuln=http://www.contenido.org/de/front_content.php?idcat=107&idart=1789&client=6&lang=3
file=config.misc.php
variable=$cfg['version']
subdir=1
extra_match=Contenido Misc Configurations

[SilverStripe]
url=http://www.silverstripe.com
safe=2.4.7
vuln=CVE-2012-0976
file=silverstripe_version
variable=/open/modules/cms/
subdir=1
extra_match=/open/modules/cms/

[CMSMadeSimple]
url=http://www.cmsmadesimple.org/
safe=1.11.13
vuln=http://www.cmsmadesimple.org/2015/02/Announcing-CMS-Made-Simple-1-11-13-Security-Release/
file=version.php
variable=$CMS_VERSION
subdir=0

[e107]
url=http://e107.org/
safe=1.0.0
vuln=CVE-2011-4920
file=ver.php
variable=$e107info['e107_version']
subdir=0

[SPIP]
url=http://www.spip.net/
safe=2.1.13
old_safe=2.0.18
vuln=http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
file=inc_version.php
variable=$spip_version_branche
subdir=1

[contao]
url=http://contao.org/
safe=3.2.5
old_safe=2.11.14
vuln=CVE-2014-1860
latest=3.2.5
file=CHANGELOG.md
variable=Version
extra_match=Contao Open Source CMS
subdir=0

[contao-old]
url=http://contao.org/
safe=3.2.5
old_safe=2.11.14
vuln=CVE-2014-1860
latest=3.2.5
file=CHANGELOG.txt
variable=Version
extra_match=Contao Open Source CMS Changelog
subdir=0

[redaxo]
url=http://www.redaxo.org/
safe=4.5
vuln=CVE-2012-3869
latest=4.5
file=en_gb.lang
variable=setup_037
subdir=3

[textpattern]
url=https://textpattern.com/
safe=4.5.7
vuln=CVE-2014-4737
latest=4.6.2
file=index.php
subdir=1
variable=$thisversion