CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3534 – PowerCreator CMS OpenPublicCourse.aspx sql injection
https://notcve.org/view.php?id=CVE-2025-3534
13 Apr 2025 — A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yztale/powercreator/blob/main/README.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52600 – Statamic CMS has Path Traversal in Asset Upload
https://notcve.org/view.php?id=CVE-2024-52600
19 Nov 2024 — Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files... • https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46906
https://notcve.org/view.php?id=CVE-2023-46906
09 Jan 2024 — juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated. juzaweb <= 3.4 es vulnerable a un control de acceso incorrecto, lo que provoca una interrupción de la aplicación después de un código de estado HTTP 500. El payload en el campo de timezone no se validó correctamente. • https://github.com/juzaweb/cms • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5919 – SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5919
02 Nov 2023 — A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.244310 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46467
https://notcve.org/view.php?id=CVE-2023-46467
28 Oct 2023 — Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page. Vulnerabilidad de Cross-Site Scripting (XSS) en juzawebCMS v.3.4 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro de nombre de usuario de la página de registro. • https://www.sumor.top/index.php/archives/872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34916
https://notcve.org/view.php?id=CVE-2023-34916
31 Jul 2023 — Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. • https://github.com/fuge/cms/issues/4 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34917
https://notcve.org/view.php?id=CVE-2023-34917
31 Jul 2023 — Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. • https://github.com/fuge/cms/issues/3 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23966
https://notcve.org/view.php?id=CVE-2020-23966
08 May 2023 — SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. • https://github.com/VictorAlagwu/CMSsite • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36503
https://notcve.org/view.php?id=CVE-2021-36503
03 Feb 2023 — SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. • https://github.com/Fanli2012/native-php-cms/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35284
https://notcve.org/view.php?id=CVE-2021-35284
23 Nov 2022 — SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. Vulnerabilidad de inyección SQL en la función get_user en login_manager.php en rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •