CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6886 – xnx3 wangmarket Role Management Page code injection
https://notcve.org/view.php?id=CVE-2023-6886
17 Dec 2023 — A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. • https://github.com/xnx3/wangmarket/issues/8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26813
https://notcve.org/view.php?id=CVE-2023-26813
28 Apr 2023 — SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. • https://github.com/xnx3/wangmarket/issues/7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •