CVE-2021-35284
https://notcve.org/view.php?id=CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. Vulnerabilidad de inyección SQL en la función get_user en login_manager.php en rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-42245
https://notcve.org/view.php?id=CVE-2022-42245
Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Dreamer CMS 4.0.01 es vulnerable a la inyección SQL. • https://gitee.com/isoftforce/dreamer_cms/issues/I5U408 https://packetstormsecurity.com/files/171585/Dreamer-CMS-4.0.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-3943 – ForU CMS cms_chip.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3943
A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx https://vuldb.com/?id.213450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVE-2022-44244
https://notcve.org/view.php?id=CVE-2022-44244
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. Una omisión de autenticación en Lin-CMS v0.2.1 permite a los atacantes escalar privilegios a superadministrador. • https://gist.github.com/cai-niao98/58c97899695488bd73a73d56adf44c4c https://github.com/cai-niao98/lin-cms • CWE-287: Improper Authentication •
CVE-2021-41731 – News247 News Magazine 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-41731
Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en )Sourcecodester News247 News Magazine (CMS) PHP versiones 5.6 o superiores y MySQL versiones 5.7 o superiores, por medio del campo name de la categoría del blog News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/168384/News247-News-Magazine-1.0-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2022090039 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •