CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5221 – ForU CMS index.php code injection
https://notcve.org/view.php?id=CVE-2023-5221
A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fovker8/cve/blob/main/rce.md https://vuldb.com/?ctiid.240363 https://vuldb.com/?id.240363 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3943 – ForU CMS cms_chip.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3943
A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx https://vuldb.com/?id.213450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •