CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43738
https://notcve.org/view.php?id=CVE-2021-43738
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account. Se ha detectado un problema en xiaohuanxiong CMS versión 5.0.17. Se presenta una vulnerabilidad de tipo CSRF que puede añadir la cuenta de administrador • https://github.com/hiliqi/xiaohuanxiong/issues/28 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26201
https://notcve.org/view.php?id=CVE-2022-26201
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL • https://github.com/truonghuuphuc/CVE https://github.com/truonghuuphuc/CVE/blob/main/CVE-2022-26201.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44302
https://notcve.org/view.php?id=CVE-2021-44302
BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. Se ha detectado que BaiCloud-cms versión v2.5.7, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros tongji y baidu_map en el archivo /user/ztconfig.php • https://github.com/relightsec/BaiCloud/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23873
https://notcve.org/view.php?id=CVE-2022-23873
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL que permite a atacantes inyectar comandos arbitrarios por medio del parámetro "user_firstname" • https://github.com/truonghuuphuc/CVE https://github.com/truonghuuphuc/CVE/blob/main/CVE-2022-23873.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46459
https://notcve.org/view.php?id=CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. Se ha detectado que Victor CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL en el componente admin/users.php?source=add_user. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/tree/main/CVE-2021-46459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •