CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1682 – Xunrui CMS Install.txt direct request
https://notcve.org/view.php?id=CVE-2023-1682
A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/2714925725/CMS-bug/blob/main/Informationdisclosure-1.md https://vuldb.com/?ctiid.224239 https://vuldb.com/?id.224239 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1681 – Xunrui CMS test.php information disclosure
https://notcve.org/view.php?id=CVE-2023-1681
A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/2714925725/CMS-bug/blob/main/Informationdisclosure-1.md https://vuldb.com/?ctiid.224238 https://vuldb.com/?id.224238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30037
https://notcve.org/view.php?id=CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. • https://weltolk.github.io/p/xunruicms-v4.3.3-to-v4.5.1-backstage-code-injection-vulnerabilityfile-write-and-file-inclusion • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36224
https://notcve.org/view.php?id=CVE-2022-36224
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). XunRuiCMS versión V4.5.6, es vulnerable a un ataque de tipo Cross Site Request Forgery (CSRF). • https://github.com/dayrui/xunruicms/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17074
https://notcve.org/view.php?id=CVE-2019-17074
An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. Se descubrió un problema en XunRuiCMS versión 4.3.1. Hay una vulnerabilidad de tipo XSS almacenado en el área module_category. • https://github.com/dayrui/xunruicms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •