Page 11 of 201 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. Vulnerabilidad de inyección SQL en la función get_user en login_manager.php en rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Dreamer CMS 4.0.01 es vulnerable a la inyección SQL. • https://gitee.com/isoftforce/dreamer_cms/issues/I5U408 https://packetstormsecurity.com/files/171585/Dreamer-CMS-4.0.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx https://vuldb.com/?id.213450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1

An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. Una omisión de autenticación en Lin-CMS v0.2.1 permite a los atacantes escalar privilegios a superadministrador. • https://gist.github.com/cai-niao98/58c97899695488bd73a73d56adf44c4c https://github.com/cai-niao98/lin-cms • CWE-287: Improper Authentication •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en )Sourcecodester News247 News Magazine (CMS) PHP versiones 5.6 o superiores y MySQL versiones 5.7 o superiores, por medio del campo name de la categoría del blog News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/168384/News247-News-Magazine-1.0-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2022090039 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •