CVE-2018-17391 – Super Cms Blog Pro 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Existe una inyección SQL en authors_post.php en Super Cms Blog Pro 1.0 mediante el parámetro author. Super Cms Blog Pro version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/45463 http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-5969 – Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. Existe Cross-Site Request Forgery (CSRF) en Photography CMS 1.0 mediante clients/resources/ajax/ajax_new_admin.php, tal y como demuestra la adición de una cuenta admin. Photography CMS version 1.0 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/43867 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-17607 – CMS Auditor Website 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17607
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. CMS Auditor Website 1.0 tiene una inyección SQL mediante el parámetro PATH_INFO en /news-detail. • https://www.exploit-db.com/exploits/43272 https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-4678
https://notcve.org/view.php?id=CVE-2015-4678
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. Vulnerabilidad de inyección SQL en Persian Car CMS 1.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro cat_id en la URI por defecto. • http://packetstormsecurity.com/files/132216/Persian-Car-CMS-1.0-SQL-Injection.html http://www.securityfocus.com/bid/75345 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-100004
https://notcve.org/view.php?id=CVE-2014-100004
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information. Vulnerabilidad de XSS en Sitecore CMS anterior a 7.0 actualización-4 (rev. 140120) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro xmlcontrol en la URI por defecto. NOTA: algunos de estos detalles se obtienen de información de terceras partes. • http://osvdb.org/102660 http://secunia.com/advisories/56705 http://sitecorekh.blogspot.dk/2014/01/sitecore-releases-70-update-4-rev-140120.html http://www.securityfocus.com/archive/1/530901/100/0/threaded http://www.securityfocus.com/bid/65254 https://exchange.xforce.ibmcloud.com/vulnerabilities/90833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •