CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2694 – SourceCodester Company Website CMS unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2694
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Jamison2022/Company-Website-CMS/blob/main/Company%20Website%20CMS-FileUpload.md https://vuldb.com/?id.205817 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35283
https://notcve.org/view.php?id=CVE-2021-35283
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. Una vulnerabilidad de inyección SQL en el archivo product_admin.php en atoms183 CMS versión 1.0, permite a atacantes ejecutar comandos arbitrarios por medio de los parámetros Name, Fname e ID en el archivo search.php • https://github.com/atoms183/CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2020-35597
https://notcve.org/view.php?id=CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. Victor CMS versión 1.0, es vulnerable a la inyección SQL por medio del parámetro c_id del archivo admin_edit_comment.php, el parámetro p_id del archivo admin_edit_post.php, el parámetro u_id del archivo admin_edit_user.php y el parámetro edit del archivos admin_update_categories.php • https://cxsecurity.com/issue/WLB-2020120118 https://github.com/VictorAlagwu/CMSsite/issues/16 https://www.exploit-db.com/exploits/49282 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28060
https://notcve.org/view.php?id=CVE-2022-28060
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Una Vulnerabilidad de inyección SQL en Victor CMS versión v1.0, por medio del parámetro user_name en /includes/login.php • https://github.com/JiuBanSec/CVE/blob/main/VictorCMS%20SQL.md https://github.com/JiuBanSec/CVE_LIST/blob/main/CVE-2022-28060/CVE-2022-28060.pdf https://github.com/VictorAlagwu/CMSsite • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28525
https://notcve.org/view.php?id=CVE-2022-28525
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. Se ha detectado que ED01-CMS versión v20180505, contiene una vulnerabilidad de carga de archivos arbitraria por medio de /admin/users.php?source=edit_user&id=1 • https://github.com/chilin89117/ED01-CMS/issues/5 • CWE-434: Unrestricted Upload of File with Dangerous Type •