
CVE-2024-42630
https://notcve.org/view.php?id=CVE-2024-42630
12 Aug 2024 — FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. • https://github.com/Kirtoc/cms/tree/main/10/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •
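The create_file action above is a state-changing admin request that accepts a forged cross-site POST because nothing in the request proves it came from the CMS's own page. The following is an added example of the standard defence, a per-session synchroniser token plus a Sec-Fetch-Site check. It is not FrogCMS code: the handler, request shape, secret and field names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed server secret; a real deployment keeps this in config, not in code.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive a per-session token. The admin UI embeds it in its own forms;
    an attacker's page cannot read it because of the same-origin policy."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, presented: Optional[str],
                     secret: bytes = SERVER_SECRET) -> bool:
    if not presented:
        return False
    expected = issue_csrf_token(session_id, secret)
    # Constant-time compare so the token can't be guessed byte by byte.
    return hmac.compare_digest(expected, presented)


def handle_create_file(request: dict, secret: bytes = SERVER_SECRET) -> Tuple[int, str]:
    """Hypothetical handler for a create-file admin action.

    request is a constructed dict with keys method, cookies, headers, form.
    The browser attaches the session cookie to a forged POST automatically,
    so the cookie alone must never authorise a write; the token does.
    """
    if request.get("method") != "POST":
        return 405, "method not allowed"
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "not logged in"
    # Defence in depth: current browsers send Sec-Fetch-Site on every request.
    # Old clients omit it (None), which we allow and fall through to the token.
    fetch_site = request.get("headers", {}).get("Sec-Fetch-Site")
    if fetch_site not in (None, "same-origin", "none"):
        return 403, "cross-site request refused"
    token = request.get("form", {}).get("csrf_token")
    if not csrf_token_valid(session_id, token, secret):
        return 403, "missing or invalid CSRF token"
    name = request["form"].get("name", "")
    return 200, f"created {name}"
```

Bind the token to the session (as here) or store a random one in the session; either way the check must reject a token minted for a different session, which the test below exercises.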

CVE-2024-30890
https://notcve.org/view.php?id=CVE-2024-30890
25 Apr 2024 — Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. • https://gist.github.com/rootlili/198922ef72c9bef973e04eb6b36a8aad • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-25811
https://notcve.org/view.php?id=CVE-2024-25811
29 Feb 2024 — An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. • https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md • CWE-284: Improper Access Control •

CVE-2024-0776 – LinZhaoguan pb-cms Comment cross site scripting
https://notcve.org/view.php?id=CVE-2024-0776
22 Jan 2024 — A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input <div onmouseenter="alert("xss)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0729 – ForU CMS cms_admin.php sql injection
https://notcve.org/view.php?id=CVE-2024-0729
19 Jan 2024 — A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. • https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-0728 – ForU CMS channel.php file inclusion
https://notcve.org/view.php?id=CVE-2024-0728
19 Jan 2024 — A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2024-0648 – Yunyou CMS Common.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-0648
17 Jan 2024 — A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://note.zhaoj.in/share/FO8AL78oAeTS • CWE-434: Unrestricted Upload of File with Dangerous Type •
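An upload handler that takes a file name from a request parameter such as templateFile and writes it as given lets an attacker drop a server-executable file. The following is an added example of the filename and content checks a template-upload endpoint should apply; it is not Yunyou CMS code, and the allowed and dangerous extension sets and the PHP-tag heuristic are assumptions for the illustration.

```python
# Constructed allowlist for a template store; adjust to what the application renders.
ALLOWED_SUFFIXES = {".html", ".htm", ".tpl"}
# Rejected anywhere in the name, not just at the end: "shell.php.html" can still be
# executed by web servers that map handlers on any suffix component.
DANGEROUS_SUFFIXES = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar", ".phps"}


def validate_template_upload(filename: str, content: bytes) -> str:
    """Return a safe, lower-cased basename for the upload or raise ValueError.

    Order matters: path and NUL checks first (so the name cannot select a
    directory), then the extension checks, then a look at the body.
    """
    if "\x00" in filename or "/" in filename or "\\" in filename:
        raise ValueError("path separators or NUL byte in filename")
    name = filename.strip().lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        raise ValueError("filename must be of the form name.ext")
    if {"." + p for p in parts[1:]} & DANGEROUS_SUFFIXES:
        raise ValueError("executable extension in filename")
    if "." + parts[-1] not in ALLOWED_SUFFIXES:
        raise ValueError("extension not in allowlist")
    # A template must not carry server-side code. This heuristic catches the
    # long open tag and the echo tag; with short_open_tag enabled, "<?" would
    # also have to be refused.
    lowered = content.lower()
    if b"<?php" in lowered or b"<?=" in lowered:
        raise ValueError("server-side code in template body")
    return name


def is_accepted(filename: str, content: bytes) -> bool:
    try:
        validate_template_upload(filename, content)
        return True
    except ValueError:
        return False
```

Even with these checks, store uploads outside the web root or under a directory whose handler mapping is disabled, so that a bypass of the name filter cannot be executed.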

CVE-2024-0426 – ForU CMS cms_template.php sql injection
https://notcve.org/view.php?id=CVE-2024-0426
11 Jan 2024 — A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
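Both ForU CMS SQL injection entries above (the a_name argument of cms_admin.php and the t_name/t_path arguments of admin/cms_template.php) are the same defect: a request value spliced into the SQL text. The following added example shows the splice and its fix side by side on an in-memory SQLite table. It is not ForU CMS code; the table and column names are constructed for the demonstration.

```python
import sqlite3
from typing import List, Tuple

# Constructed stand-in for an admin table; the schema is an assumption.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, a_name TEXT, a_pass TEXT)")
    conn.executemany(
        "INSERT INTO admins (a_name, a_pass) VALUES (?, ?)",
        [("root", "hash-1"), ("editor", "hash-2")],
    )
    conn.commit()
    return conn


def find_admin_unsafe(conn: sqlite3.Connection, a_name: str) -> List[Tuple[int, str]]:
    """Vulnerable pattern: the request value becomes part of the SQL grammar,
    so a quote in a_name ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT id, a_name FROM admins WHERE a_name = '{a_name}'"
    return conn.execute(sql).fetchall()


def find_admin_safe(conn: sqlite3.Connection, a_name: str) -> List[Tuple[int, str]]:
    """Fixed pattern: the value is bound as a parameter and can only be data.
    The same applies to t_name/t_path style values in any other query."""
    return conn.execute(
        "SELECT id, a_name FROM admins WHERE a_name = ?", (a_name,)
    ).fetchall()


def compare(a_name: str) -> Tuple[int, int]:
    """Row counts (unsafe, safe) for one input, so the difference is visible."""
    conn = make_db()
    return len(find_admin_unsafe(conn, a_name)), len(find_admin_safe(conn, a_name))
```

With the input `' OR '1'='1` the unsafe query becomes `... WHERE a_name = '' OR '1'='1'` and returns every admin row; the bound version looks for a user literally named that and returns nothing. Column and table names cannot be bound this way, so if t_path or similar ever selects an identifier it must be mapped through an allowlist instead.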

CVE-2024-0425 – ForU CMS password recovery
https://notcve.org/view.php?id=CVE-2024-0425
11 Jan 2024 — A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. • https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVE-2023-46886
https://notcve.org/view.php?id=CVE-2023-46886
29 Nov 2023 — Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
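The Dreamer CMS template traversal above and the ForU CMS channel.php file inclusion (CVE-2024-0728, where the c_cmodel argument selects the file) share one root cause: a request value is used as, or inside, a filesystem path without proving the result stays in the intended directory. The following is an added example of the two checks that close this, containment of a path under a fixed root and an allowlist lookup for a parameter that only needs to pick a file by name. It is not code from either CMS; the root directory, model names and file naming scheme are assumptions for the illustration.

```python
import posixpath
from pathlib import PurePosixPath

# Constructed example root and model list; neither comes from the CMSes above.
TEMPLATE_ROOT = PurePosixPath("/var/www/cms/templates")
ALLOWED_MODELS = {"article", "page", "product"}


def resolve_under_root(user_path: str, root: PurePosixPath = TEMPLATE_ROOT) -> PurePosixPath:
    """Join a user-supplied path onto root and prove the result stays inside it.

    Works on strings only (no filesystem access) so it runs offline. In a real
    deployment also pass the result through os.path.realpath so that a symlink
    inside the root cannot point outside it.
    """
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # PurePosixPath drops root when the right-hand operand is absolute, so an
    # absolute user path such as /etc/passwd fails the relative_to check below.
    joined = root / user_path
    normalised = PurePosixPath(posixpath.normpath(str(joined)))
    if normalised == root:
        raise ValueError("path names the root itself, not a file under it")
    try:
        normalised.relative_to(root)
    except ValueError:
        raise ValueError(f"path escapes {root}: {user_path!r}") from None
    return normalised


def is_contained(user_path: str) -> bool:
    try:
        resolve_under_root(user_path)
        return True
    except ValueError:
        return False


def include_model(name: str) -> str:
    """For a parameter that only selects which file to load (the c_cmodel case),
    do not treat the value as a path at all: look it up in a fixed set and
    derive the filename from the matching key."""
    if name not in ALLOWED_MODELS:
        raise ValueError(f"unknown model: {name!r}")
    return str(TEMPLATE_ROOT / f"model_{name}.php")


def model_is_allowed(name: str) -> bool:
    try:
        include_model(name)
        return True
    except ValueError:
        return False
```

Stripping `../` from the input is not a substitute for the containment check: `....//` collapses to `../` after one pass, and an absolute path contains no dots at all. Normalise first, then compare against the root.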