CVE-2018-18939
https://notcve.org/view.php?id=CVE-2018-18939
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. • https://github.com/wuzhicms/wuzhicms/issues/159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18868
https://notcve.org/view.php?id=CVE-2018-18868
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. • https://github.com/s-kustm/Subodh/blob/master/CVE-2018-18868.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-17852
https://notcve.org/view.php?id=CVE-2018-17852
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. • https://github.com/wuzhicms/wuzhicms/issues/155 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17410
https://notcve.org/view.php?id=CVE-2018-17410
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150531 https://lab.insightsecurity.com.br/horus-cms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17391 – Super Cms Blog Pro 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Super Cms Blog Pro version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/45463 http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')