
CVE-2024-30890
https://notcve.org/view.php?id=CVE-2024-30890
25 Apr 2024 — Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. • https://gist.github.com/rootlili/198922ef72c9bef973e04eb6b36a8aad • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-28524
https://notcve.org/view.php?id=CVE-2022-28524
26 Apr 2022 — ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. • https://github.com/chilin89117/ED01-CMS/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-28525
https://notcve.org/view.php?id=CVE-2022-28525
26 Apr 2022 — ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. • https://github.com/chilin89117/ED01-CMS/issues/5 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2020-18261
https://notcve.org/view.php?id=CVE-2020-18261
03 Nov 2021 — An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. • https://github.com/chilin89117/ED01-CMS/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2020-18262
https://notcve.org/view.php?id=CVE-2020-18262
03 Nov 2021 — ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. • https://github.com/chilin89117/ED01-CMS/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-18259
https://notcve.org/view.php?id=CVE-2020-18259
03 Nov 2021 — ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. • https://github.com/chilin89117/ED01-CMS/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')