Page 5 of 48 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-46458

https://notcve.org/view.php?id=CVE-2021-46458

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente admin/posts.php?source=add_post. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2021-46458/CVE-2021-46458.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-20605

https://notcve.org/view.php?id=CVE-2020-20605

Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. Blog CMS versiónv1.0 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /controller/CommentAdminController.java • https://github.com/xuzijia/blog/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18263

https://notcve.org/view.php?id=CVE-2020-18263

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. Se ha detectado que PHP-CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente search.php por medio del parámetro search. Esta vulnerabilidad permite a atacantes acceder a información confidencial de la base de datos • https://github.com/harshitbansal373/PHP-CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18261

https://notcve.org/view.php?id=CVE-2020-18261

An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. Una vulnerabilidad de carga de archivos arbitraria en la función image upload de ED01-CMS versión v1.0, permite a atacantes ejecutar comandos arbitrarios • https://github.com/chilin89117/ED01-CMS/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18262

https://notcve.org/view.php?id=CVE-2020-18262

ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. Se ha detectado que ED01-CMS versión v1.0, contiene una inyección SQL en el componente cposts.php por medio del parámetro cid • https://github.com/chilin89117/ED01-CMS/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •