CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44302
https://notcve.org/view.php?id=CVE-2021-44302
18 Feb 2022 — BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. Se ha detectado que BaiCloud-cms versión v2.5.7, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros tongji y baidu_map en el archivo /user/ztconfig.php • https://github.com/relightsec/BaiCloud/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23873
https://notcve.org/view.php?id=CVE-2022-23873
03 Feb 2022 — Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL que permite a atacantes inyectar comandos arbitrarios por medio del parámetro "user_firstname" • https://github.com/truonghuuphuc/CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46459
https://notcve.org/view.php?id=CVE-2021-46459
31 Jan 2022 — Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. Se ha detectado que Victor CMS versión v1.0, contiene múltiples vulnerabilidades de inyección SQL en el componente admin/users.php?source=add_user. • https://github.com/Nguyen-Trung-Kien/CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46458
https://notcve.org/view.php?id=CVE-2021-46458
31 Jan 2022 — Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. Se ha detectado que Victor CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente admin/posts.php?source=add_post. • https://github.com/Nguyen-Trung-Kien/CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21666 – SQL Injection in useredit.php
https://notcve.org/view.php?id=CVE-2022-21666
10 Jan 2022 — Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. Useful Simple Open-Source CMS (USOC) es un sistema de administración de contenidos (CMS) para programadores. • https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21644 – SQL Injection via search in USOC
https://notcve.org/view.php?id=CVE-2022-21644
04 Jan 2022 — USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. • https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21643 – SQL Injection in USOC
https://notcve.org/view.php?id=CVE-2022-21643
04 Jan 2022 — USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. • https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20605
https://notcve.org/view.php?id=CVE-2020-20605
22 Dec 2021 — Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. Blog CMS versiónv1.0 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /controller/CommentAdminController.java • https://github.com/xuzijia/blog/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18263
https://notcve.org/view.php?id=CVE-2020-18263
03 Nov 2021 — PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. Se ha detectado que PHP-CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente search.php por medio del parámetro search. Esta vulnerabilidad permite a atacantes acceder a información confidencial de la base de datos • https://github.com/harshitbansal373/PHP-CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18261
https://notcve.org/view.php?id=CVE-2020-18261
03 Nov 2021 — An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. Una vulnerabilidad de carga de archivos arbitraria en la función image upload de ED01-CMS versión v1.0, permite a atacantes ejecutar comandos arbitrarios • https://github.com/chilin89117/ED01-CMS/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •