
CVE-2018-18261
https://notcve.org/view.php?id=CVE-2018-18261
14 Apr 2019 — In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. • https://github.com/caokang/waimai/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-7585
https://notcve.org/view.php?id=CVE-2019-7585
07 Feb 2019 — An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. • https://github.com/caokang/waimai/issues/11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-7567
https://notcve.org/view.php?id=CVE-2019-7567
07 Feb 2019 — An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. • https://github.com/caokang/waimai/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-3577
https://notcve.org/view.php?id=CVE-2019-3577
02 Jan 2019 — An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI. • https://github.com/caokang/waimai/issues/9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-18622
https://notcve.org/view.php?id=CVE-2018-18622
23 Oct 2018 — An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. • https://github.com/caokang/waimai/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-18082
https://notcve.org/view.php?id=CVE-2018-18082
09 Oct 2018 — XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. • https://github.com/caokang/waimai/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16315
https://notcve.org/view.php?id=CVE-2018-16315
01 Sep 2018 — In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. • https://github.com/caokang/waimai/issues/3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-16157
https://notcve.org/view.php?id=CVE-2018-16157
30 Aug 2018 — waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. • https://github.com/caokang/waimai/issues/5

CVE-2018-15570
https://notcve.org/view.php?id=CVE-2018-15570
20 Aug 2018 — In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. • https://github.com/caokang/waimai/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')