CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27084
https://notcve.org/view.php?id=CVE-2023-27084
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. • https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN https://github.com/iteachyou-wjn/dreamer_cms/issues/9 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25452 – WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25452
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. The CMS Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/cms-press/wordpress-cms-press-plugin-0-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4328 – 狮子鱼CMS ApiController.class.php goods_detail sql injection
https://notcve.org/view.php?id=CVE-2021-4328
A vulnerability has been found in 狮子鱼CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://hammerking.top/index.php/archives/104 https://vuldb.com/?ctiid.222223 https://vuldb.com/?id.222223 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35290
https://notcve.org/view.php?id=CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. • https://github.com/anibalgomezprojects/balerocms-src/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33925
https://notcve.org/view.php?id=CVE-2021-33925
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login. • https://github.com/nitinp1232/cms-corephp/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •