CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27478
https://notcve.org/view.php?id=CVE-2022-27478
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Se ha detectado que Victor versión v1.0, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del componente admin/profile.php?section=admin • https://github.com/k0xx11/Vulscve/blob/master/Victor1.0-rce.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-26613
https://notcve.org/view.php?id=CVE-2022-26613
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. Se ha detectado que PHP-CMS versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro category en el archivo categorymenu.php • https://github.com/harshitbansal373/PHP-CMS/issues/14 https://github.com/harshitbansal373/PHP-CMS/issues/15 https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-26613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26201
https://notcve.org/view.php?id=CVE-2022-26201
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL • https://github.com/truonghuuphuc/CVE https://github.com/truonghuuphuc/CVE/blob/main/CVE-2022-26201.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23873
https://notcve.org/view.php?id=CVE-2022-23873
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL que permite a atacantes inyectar comandos arbitrarios por medio del parámetro "user_firstname" • https://github.com/truonghuuphuc/CVE https://github.com/truonghuuphuc/CVE/blob/main/CVE-2022-23873.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46459
https://notcve.org/view.php?id=CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. Se ha detectado que Victor CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL en el componente admin/users.php?source=add_user. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/tree/main/CVE-2021-46459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •