CVE-2022-23873
https://notcve.org/view.php?id=CVE-2022-23873
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL que permite a atacantes inyectar comandos arbitrarios por medio del parámetro "user_firstname" • https://github.com/truonghuuphuc/CVE https://github.com/truonghuuphuc/CVE/blob/main/CVE-2022-23873.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-46459
https://notcve.org/view.php?id=CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. Se ha detectado que Victor CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL en el componente admin/users.php?source=add_user. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/tree/main/CVE-2021-46459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-46458
https://notcve.org/view.php?id=CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente admin/posts.php?source=add_post. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2021-46458/CVE-2021-46458.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-25203
https://notcve.org/view.php?id=CVE-2021-25203
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. Una vulnerabilidad de carga de archivos arbitrarios en Victor CMS versión v1.0, permite a atacantes ejecutar código arbitrario por medio de la carga de archivos a \CMSsite-master\admin\includes\admin_add_post.php • https://github.com/TCSWT/Victor-CMS/blob/main/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-29280
https://notcve.org/view.php?id=CVE-2020-29280
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. La aplicación Victor CMS versión v1.0, es vulnerable a una inyección SQL por medio del parámetro "search" en la página search.php • https://github.com/BigTiger2020/Victor-CMS-/blob/main/README.md https://github.com/VictorAlagwu/CMSsite/issues/13 https://www.exploit-db.com/exploits/48734 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •