3 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18261

https://notcve.org/view.php?id=CVE-2020-18261

An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. Una vulnerabilidad de carga de archivos arbitraria en la función image upload de ED01-CMS versión v1.0, permite a atacantes ejecutar comandos arbitrarios • https://github.com/chilin89117/ED01-CMS/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18262

https://notcve.org/view.php?id=CVE-2020-18262

ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. Se ha detectado que ED01-CMS versión v1.0, contiene una inyección SQL en el componente cposts.php por medio del parámetro cid • https://github.com/chilin89117/ED01-CMS/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18259

https://notcve.org/view.php?id=CVE-2020-18259

ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. Se ha detectado que ED01-CMS versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflectiva en el componente sposts.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada insertada en los campos Post title o Post content • https://github.com/chilin89117/ED01-CMS/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •