CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0729 – ForU CMS cms_admin.php sql injection
https://notcve.org/view.php?id=CVE-2024-0729
19 Jan 2024 — A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. • https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0728 – ForU CMS channel.php file inclusion
https://notcve.org/view.php?id=CVE-2024-0728
19 Jan 2024 — A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0426 – ForU CMS cms_template.php sql injection
https://notcve.org/view.php?id=CVE-2024-0426
11 Jan 2024 — A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0425 – ForU CMS password recovery
https://notcve.org/view.php?id=CVE-2024-0425
11 Jan 2024 — A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. • https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5259 – ForU CMS cms_admin.php denial of service
https://notcve.org/view.php?id=CVE-2023-5259
29 Sep 2023 — A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RCEraser/cve/blob/main/ForU-CMS.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5221 – ForU CMS index.php code injection
https://notcve.org/view.php?id=CVE-2023-5221
27 Sep 2023 — A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fovker8/cve/blob/main/rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3943 – ForU CMS cms_chip.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3943
11 Nov 2022 — A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •