CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14600
https://notcve.org/view.php?id=CVE-2017-14600
19 Sep 2017 — Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. Pragyan CMS v3.0 es vulnerable a una inyección SQL basada en errores en cms/admin.lib.php mediante $_GET['del_black']. Esto deriva en una divulgación de información. • https://github.com/delta/pragyan/issues/228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14601
https://notcve.org/view.php?id=CVE-2017-14601
19 Sep 2017 — Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. Pragyan CMS v3.0 es vulnerable a una inyección SQL basada en valores booleanos en cms/admin.lib.php mediante $_GET['forwhat']. Esto deriva en una divulgación de información. • https://github.com/delta/pragyan/issues/228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4627
https://notcve.org/view.php?id=CVE-2015-4627
07 Sep 2017 — SQL injection vulnerability in Pragyan CMS 3.0. Existe una vulnerabilidad de inyección SQL en Pragyan CMS 3.0. • https://github.com/delta/pragyan/issues/207 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11324
https://notcve.org/view.php?id=CVE-2017-11324
24 Jul 2017 — An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. Se ha descubierto un problema en Tilde CMS 1.0.1. Al no escapar el carácter acento grave, una consulta SELECT en class.SystemAction.php es vulnerable a inyección SQL. • https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11325
https://notcve.org/view.php?id=CVE-2017-11325
24 Jul 2017 — An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. Se detectó un problema en Tilde CMS versión 1.0.1. Los archivos arbitrarios se pueden leer por medio de un ataque file=../ en actionphp/download.File.php. • https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11326
https://notcve.org/view.php?id=CVE-2017-11326
24 Jul 2017 — An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. Se ha descubierto un problema en Tilde CMS 1.0.1. Es posible omitir las restricciones implementadas en la subida de archivos arbitrarios mediante una manipulación filename. • https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11327
https://notcve.org/view.php?id=CVE-2017-11327
24 Jul 2017 — An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. Se detectó un problema en Tilde CMS versión 1.0.1. • https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6509
https://notcve.org/view.php?id=CVE-2017-6509
07 Mar 2017 — Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). Smith0r/burgundy-cms en versiones anteriores a 2017-03-06 es vulnerable a XSS reflejado en admin/components/menu/views/menuitems.php (parámetro id). • https://github.com/Smith0r/burgundy-cms/issues/36 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-4678
https://notcve.org/view.php?id=CVE-2015-4678
19 Jun 2015 — SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. Vulnerabilidad de inyección SQL en Persian Car CMS 1.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro cat_id en la URI por defecto. • http://packetstormsecurity.com/files/132216/Persian-Car-CMS-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 2CVE-2012-4901 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4901
20 May 2015 — Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. Vulnerabilidad de XSS en Template CMS 2.1.1 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro themes_editor en una acción add_template a admin/index.php. • https://www.exploit-db.com/exploits/21742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •