CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-9875
https://notcve.org/view.php?id=CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. La deserialización de datos no confiables en el módulo anti CSRF en Sitecore hasta la versón 9.1, permite a un atacante identificado ejecutar código arbitrario mediante el envío un objeto .NET serializado dentro de un parámetro POST de HTTP. • https://dev.sitecore.net/Downloads.aspx https://www.synacktiv.com/blog.html https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-17391 – Super Cms Blog Pro 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Existe una inyección SQL en authors_post.php en Super Cms Blog Pro 1.0 mediante el parámetro author. Super Cms Blog Pro version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/45463 http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5969 – Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. Existe Cross-Site Request Forgery (CSRF) en Photography CMS 1.0 mediante clients/resources/ajax/ajax_new_admin.php, tal y como demuestra la adición de una cuenta admin. Photography CMS version 1.0 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/43867 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17607 – CMS Auditor Website 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17607
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. CMS Auditor Website 1.0 tiene una inyección SQL mediante el parámetro PATH_INFO en /news-detail. • https://www.exploit-db.com/exploits/43272 https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-4678
https://notcve.org/view.php?id=CVE-2015-4678
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. Vulnerabilidad de inyección SQL en Persian Car CMS 1.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro cat_id en la URI por defecto. • http://packetstormsecurity.com/files/132216/Persian-Car-CMS-1.0-SQL-Injection.html http://www.securityfocus.com/bid/75345 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •