CVE-2023-5259 – ForU CMS cms_admin.php denial of service
https://notcve.org/view.php?id=CVE-2023-5259
A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/RCEraser/cve/blob/main/ForU-CMS.md
• https://vuldb.com/?ctiid.240868
• https://vuldb.com/?id.240868
• CWE-404: Improper Resource Shutdown or Release
CVE-2023-5221 – ForU CMS index.php code injection
https://notcve.org/view.php?id=CVE-2023-5221
A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/Fovker8/cve/blob/main/rce.md
• https://vuldb.com/?ctiid.240363
• https://vuldb.com/?id.240363
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-43857
https://notcve.org/view.php?id=CVE-2023-43857
Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.
• https://gitee.com/iteachyou/dreamer_cms/issues/I834WV
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43154
https://notcve.org/view.php?id=CVE-2023-43154
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, a loose comparison in the "isValidLogin()" function during a login attempt results in a PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
• https://github.com/ally-petitt/CVE-2023-43154-PoC
• https://cxsecurity.com/issue/WLB-2023090075
• https://github.com/ally-petitt/macs-cms-auth-bypass
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-43856
https://notcve.org/view.php?id=CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
• http://cms.iteachyou.cc
• http://dreamer.com
• https://github.com/yux1azhengye
• https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf
• CWE-552: Files or Directories Accessible to External Parties