CVE-2022-2769 – SourceCodester Company Website CMS contact cross site scripting
https://notcve.org/view.php?id=CVE-2022-2769
A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS%28XSS%29.md https://vuldb.com/?id.206165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2765 – SourceCodester Company Website CMS settings improper authentication
https://notcve.org/view.php?id=CVE-2022-2765
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Company%20Website%20CMS--.md https://vuldb.com/?id.206161 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVE-2021-35283
https://notcve.org/view.php?id=CVE-2021-35283
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. Una vulnerabilidad de inyección SQL en el archivo product_admin.php en atoms183 CMS versión 1.0, permite a atacantes ejecutar comandos arbitrarios por medio de los parámetros Name, Fname e ID en el archivo search.php • https://github.com/atoms183/CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-35597
https://notcve.org/view.php?id=CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. Victor CMS versión 1.0, es vulnerable a la inyección SQL por medio del parámetro c_id del archivo admin_edit_comment.php, el parámetro p_id del archivo admin_edit_post.php, el parámetro u_id del archivo admin_edit_user.php y el parámetro edit del archivos admin_update_categories.php • https://cxsecurity.com/issue/WLB-2020120118 https://github.com/VictorAlagwu/CMSsite/issues/16 https://www.exploit-db.com/exploits/49282 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-28060
https://notcve.org/view.php?id=CVE-2022-28060
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Una Vulnerabilidad de inyección SQL en Victor CMS versión v1.0, por medio del parámetro user_name en /includes/login.php • https://github.com/JiuBanSec/CVE/blob/main/VictorCMS%20SQL.md https://github.com/JiuBanSec/CVE_LIST/blob/main/CVE-2022-28060/CVE-2022-28060.pdf https://github.com/VictorAlagwu/CMSsite • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •