CVE-2020-23966
https://notcve.org/view.php?id=CVE-2020-23966
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. • https://github.com/VictorAlagwu/CMSsite https://github.com/VictorAlagwu/CMSsite/issues/15 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-36503
https://notcve.org/view.php?id=CVE-2021-36503
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. • https://github.com/Fanli2012/native-php-cms/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-35284
https://notcve.org/view.php?id=CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. Vulnerabilidad de inyección SQL en la función get_user en login_manager.php en rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-41731 – News247 News Magazine 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-41731
Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en )Sourcecodester News247 News Magazine (CMS) PHP versiones 5.6 o superiores y MySQL versiones 5.7 o superiores, por medio del campo name de la categoría del blog News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/168384/News247-News-Magazine-1.0-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2022090039 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36529
https://notcve.org/view.php?id=CVE-2022-36529
Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. Se ha detectado que Kensite CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros name y oldname en el archivo /framework/mod/db/DBMapper.xml. • https://github.com/seeyoui/kensite_cms https://github.com/xdon9/xdon/blob/main/kensite_cms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •