
CVE-2020-21506
https://notcve.org/view.php?id=CVE-2020-21506
05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-21505
https://notcve.org/view.php?id=CVE-2020-21505
05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-21504
https://notcve.org/view.php?id=CVE-2020-21504
05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-21503
https://notcve.org/view.php?id=CVE-2020-21503
05 Oct 2021 — waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. • https://github.com/caokang/waimai/issues/15 • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2018-17391 – Super Cms Blog Pro 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-17391
25 Sep 2018 — SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Super Cms Blog Pro version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/149519 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-14014
https://notcve.org/view.php?id=CVE-2018-14014
12 Jul 2018 — In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. • https://github.com/caokang/waimai/issues/2 • CWE-352: Cross-Site Request Forgery (CSRF)