5 results (0.010 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. Useful Simple Open-Source CMS (USOC) es un sistema de administración de contenidos (CMS) para programadores. • https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10 https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3 https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. • https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. • https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69 https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. Se ha descubierto un problema en daveismyname simple-cms hasta el 11/03/2014. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede eliminar cualquier página mediante admin/? • https://github.com/daveismyname/simple-cms/issues/4 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. Se ha descubierto un problema en daveismyname simple-cms hasta el 11/03/2014 en el que admin/addpage.php no requiere la autenticación para añadir una página. Esto también se puede explotar mediante Cross-Site Request Forgery (CSRF). • https://github.com/daveismyname/simple-cms/issues/2 https://github.com/daveismyname/simple-cms/issues/3 • CWE-352: Cross-Site Request Forgery (CSRF) •