CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41731 – News247 News Magazine 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-41731
15 Sep 2022 — Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en )Sourcecodester News247 News Magazine (CMS) PHP versiones 5.6 o superiores y MySQL versiones 5.7 o superiores, por medio del campo name de la categoría del blog News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/168384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36529
https://notcve.org/view.php?id=CVE-2022-36529
26 Aug 2022 — Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. Se ha detectado que Kensite CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros name y oldname en el archivo /framework/mod/db/DBMapper.xml. • https://github.com/seeyoui/kensite_cms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2769 – SourceCodester Company Website CMS contact cross site scripting
https://notcve.org/view.php?id=CVE-2022-2769
11 Aug 2022 — A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS%28XSS%29.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2765 – SourceCodester Company Website CMS settings improper authentication
https://notcve.org/view.php?id=CVE-2022-2765
11 Aug 2022 — A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS--.md • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35283
https://notcve.org/view.php?id=CVE-2021-35283
07 Jul 2022 — SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. Una vulnerabilidad de inyección SQL en el archivo product_admin.php en atoms183 CMS versión 1.0, permite a atacantes ejecutar comandos arbitrarios por medio de los parámetros Name, Fname e ID en el archivo search.php • https://github.com/atoms183/CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35597
https://notcve.org/view.php?id=CVE-2020-35597
16 Jun 2022 — Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. Victor CMS versión 1.0, es vulnerable a la inyección SQL por medio del parámetro c_id del archivo admin_edit_comment.php, el parámetro p_id del archivo admin_edit_post.php, el parámetro u_id del archivo admin_edit_user.php y el parámetro edit del archivos admin_update_categories.php • https://cxsecurity.com/issue/WLB-2020120118 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28060
https://notcve.org/view.php?id=CVE-2022-28060
28 Apr 2022 — SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Una Vulnerabilidad de inyección SQL en Victor CMS versión v1.0, por medio del parámetro user_name en /includes/login.php • https://github.com/JiuBanSec/CVE/blob/main/VictorCMS%20SQL.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 24%CPEs: 1EXPL: 1CVE-2022-27478
https://notcve.org/view.php?id=CVE-2022-27478
21 Apr 2022 — Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Se ha detectado que Victor versión v1.0, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del componente admin/profile.php?section=admin • https://github.com/k0xx11/Vulscve/blob/master/Victor1.0-rce.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-26613
https://notcve.org/view.php?id=CVE-2022-26613
06 Apr 2022 — PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. Se ha detectado que PHP-CMS versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro category en el archivo categorymenu.php • https://github.com/harshitbansal373/PHP-CMS/issues/14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26201
https://notcve.org/view.php?id=CVE-2022-26201
04 Mar 2022 — Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL • https://github.com/truonghuuphuc/CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •