Page 12 of 201 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php Se ha detectado un problema en Shirne CMS versión 1.2.0. Se presenta una vulnerabilidad de Salto de Ruta que podría causar una lectura arbitraria de archivos por medio del archivo /static/ueditor/php/controller.php • https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. Se ha detectado que Kensite CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros name y oldname en el archivo /framework/mod/db/DBMapper.xml. • https://github.com/seeyoui/kensite_cms https://github.com/xdon9/xdon/blob/main/kensite_cms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS%28XSS%29.md https://vuldb.com/?id.206165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS--.md https://vuldb.com/?id.206161 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. • https://vuldb.com/?id.206024 • CWE-434: Unrestricted Upload of File with Dangerous Type •