Page 2 of 7 results (0.002 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fovker8/cve/blob/main/rce.md https://vuldb.com/?ctiid.240363 https://vuldb.com/?id.240363 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx https://vuldb.com/?id.213450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •