CVE-2018-18261
https://notcve.org/view.php?id=CVE-2018-18261
In Waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. • https://github.com/caokang/waimai/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7585
https://notcve.org/view.php?id=CVE-2019-7585
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. • https://github.com/caokang/waimai/issues/11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-7567
https://notcve.org/view.php?id=CVE-2019-7567
An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. • https://github.com/caokang/waimai/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-3577
https://notcve.org/view.php?id=CVE-2019-3577
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI. • https://github.com/caokang/waimai/issues/9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18622
https://notcve.org/view.php?id=CVE-2018-18622
An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. • https://github.com/caokang/waimai/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')