CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46459
https://notcve.org/view.php?id=CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. Se ha detectado que Victor CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL en el componente admin/users.php?source=add_user. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/tree/main/CVE-2021-46459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46458
https://notcve.org/view.php?id=CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente admin/posts.php?source=add_post. • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2021-46458/CVE-2021-46458.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20605
https://notcve.org/view.php?id=CVE-2020-20605
Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. Blog CMS versiónv1.0 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /controller/CommentAdminController.java • https://github.com/xuzijia/blog/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18263
https://notcve.org/view.php?id=CVE-2020-18263
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. Se ha detectado que PHP-CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente search.php por medio del parámetro search. Esta vulnerabilidad permite a atacantes acceder a información confidencial de la base de datos • https://github.com/harshitbansal373/PHP-CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18262
https://notcve.org/view.php?id=CVE-2020-18262
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. Se ha detectado que ED01-CMS versión v1.0, contiene una inyección SQL en el componente cposts.php por medio del parámetro cid • https://github.com/chilin89117/ED01-CMS/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •