CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6886 – xnx3 wangmarket Role Management Page code injection
https://notcve.org/view.php?id=CVE-2023-6886
A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. • https://github.com/xnx3/wangmarket/issues/8 https://vuldb.com/?ctiid.248246 https://vuldb.com/?id.248246 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26813
https://notcve.org/view.php?id=CVE-2023-26813
SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. • https://github.com/xnx3/wangmarket/issues/7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •