4 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. • https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md https://vuldb.com/?ctiid.251552 https://vuldb.com/?id.251552 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md https://vuldb.com/?ctiid.251551 https://vuldb.com/?id.251551 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md https://vuldb.com/?ctiid.250445 https://vuldb.com/?id.250445 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. • https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md https://vuldb.com/?ctiid.250444 https://vuldb.com/?id.250444 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •