
CVE-2021-25857
https://notcve.org/view.php?id=CVE-2021-25857
11 Aug 2023 — An issue in pcmt superMicro-CMS version 3.11 allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php. • https://github.com/pcmt/superMicro-CMS/issues/2 •

CVE-2023-34916
https://notcve.org/view.php?id=CVE-2023-34916
31 Jul 2023 — Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. • https://github.com/fuge/cms/issues/4 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-34917
https://notcve.org/view.php?id=CVE-2023-34917
31 Jul 2023 — Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. • https://github.com/fuge/cms/issues/3 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2020-18410
https://notcve.org/view.php?id=CVE-2020-18410
27 Jun 2023 — A stored cross-site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 allows attackers to obtain administrator privileges. • https://github.com/GodEpic/chaojicms/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-18413
https://notcve.org/view.php?id=CVE-2020-18413
27 Jun 2023 — A stored cross-site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 allows attackers to execute arbitrary code. • https://github.com/GodEpic/chaojicms/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-18414
https://notcve.org/view.php?id=CVE-2020-18414
27 Jun 2023 — A stored cross-site scripting (XSS) vulnerability in Chaoji CMS v2.18 allows attackers to execute arbitrary code via /index.php?admin-master-webset. • https://github.com/GodEpic/chaojicms/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-20636
https://notcve.org/view.php?id=CVE-2020-20636
20 Jun 2023 — SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. • https://github.com/joyplus/joyplus-cms/issues/447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-33604
https://notcve.org/view.php?id=CVE-2023-33604
07 Jun 2023 — Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257484 •

CVE-2020-23966
https://notcve.org/view.php?id=CVE-2020-23966
08 May 2023 — SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. • https://github.com/VictorAlagwu/CMSsite • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-2473 – Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity
https://notcve.org/view.php?id=CVE-2023-2473
02 May 2023 — A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. • https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7 • CWE-407: Inefficient Algorithmic Complexity •