CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37299
https://notcve.org/view.php?id=CVE-2022-37299
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php Se ha detectado un problema en Shirne CMS versión 1.2.0. Se presenta una vulnerabilidad de Salto de Ruta que podría causar una lectura arbitraria de archivos por medio del archivo /static/ueditor/php/controller.php • https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36529
https://notcve.org/view.php?id=CVE-2022-36529
Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. Se ha detectado que Kensite CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros name y oldname en el archivo /framework/mod/db/DBMapper.xml. • https://github.com/seeyoui/kensite_cms https://github.com/xdon9/xdon/blob/main/kensite_cms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2769 – SourceCodester Company Website CMS contact cross site scripting
https://notcve.org/view.php?id=CVE-2022-2769
A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS%28XSS%29.md https://vuldb.com/?id.206165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2765 – SourceCodester Company Website CMS settings improper authentication
https://notcve.org/view.php?id=CVE-2022-2765
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS--.md https://vuldb.com/?id.206161 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2751 – SourceCodester Company Website CMS add-portfolio.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2751
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. • https://vuldb.com/?id.206024 • CWE-434: Unrestricted Upload of File with Dangerous Type •