CVE-2020-23945
https://notcve.org/view.php?id=CVE-2020-23945
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data from the database. • https://github.com/VictorAlagwu/CMSsite/issues/14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-15599 – Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15599
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. • https://www.exploit-db.com/exploits/48626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16775
https://notcve.org/view.php?id=CVE-2018-16775
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. • https://github.com/VictorAlagwu/CMSsite/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15603
https://notcve.org/view.php?id=CVE-2018-15603
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen. • https://github.com/VictorAlagwu/CMSsite/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')