
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input <div onmouseenter="alert("xss)"> leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf
• https://vuldb.com/?ctiid.251678
• https://vuldb.com/?id.251678
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552.
• https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md
• https://vuldb.com/?ctiid.251552
• https://vuldb.com/?id.251552
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md
• https://vuldb.com/?ctiid.251551
• https://vuldb.com/?id.251551
• CWE-73: External Control of File Name or Path
• CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://note.zhaoj.in/share/FO8AL78oAeTS
• https://vuldb.com/?ctiid.251374
• https://vuldb.com/?id.251374
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md
• https://vuldb.com/?ctiid.250445
• https://vuldb.com/?id.250445
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')