CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24804
https://notcve.org/view.php?id=CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. • https://github.com/cms-dev/cms/issues/1160 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34916
https://notcve.org/view.php?id=CVE-2023-34916
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. • https://github.com/fuge/cms/issues/4 https://payatu.com/advisory/unvalidated-open-redirection-fuge-cms-v1-0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34917
https://notcve.org/view.php?id=CVE-2023-34917
Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. • https://github.com/fuge/cms/issues/3 https://payatu.com/advisory/unvalidated-redirection-vulnerability-in-fuge-cms-v1-0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-45544
https://notcve.org/view.php?id=CVE-2022-45544
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role. • https://github.com/tristao-marinho/CVE-2022-45544 https://blog.tristaomarinho.com/schlix-cms-2-2-7-2-arbitrary-file-upload https://github.com/tristao-marinho/CVE-2022-45544/blob/main/README.md https://www.schlix.com https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.7-2.zip • CWE-863: Incorrect Authorization •
CVSS: 9.9EPSS: 95%CPEs: 23EXPL: 2CVE-2020-7357 – Cayin CMS Command Injection
https://notcve.org/view.php?id=CVE-2020-7357
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. Cayin CMS sufre de una vulnerabilidad de inyección de comando semi-ciega autenticada del Sistema Operativo usando credenciales predeterminadas. Esta puede ser explotada para inyectar y ejecutar comandos de shell arbitrarios como usuario root por medio del parámetro POST HTTP "NTP_Server_IP" en la página system.cgi. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182925 https://github.com/rapid7/metasploit-framework/pull/13607 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •