
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. • https://github.com/caokang/waimai/issues/3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. • https://github.com/caokang/waimai/issues/5

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. • https://github.com/caokang/waimai/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')