Search Results | AttackerKB

Show filters

Topics 18 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

18 Total Results

Displaying 1-10 of 18

Attacker Value

Unknown

CVE-2022-40361

Disclosure Date: January 11, 2024 (last updated January 17, 2024)

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2023-42331

Disclosure Date: September 20, 2023 (last updated October 09, 2023)

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30816

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30815

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30814

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30813

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30810

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30809

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30808

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-30804

Disclosure Date: June 02, 2022 (last updated February 23, 2025)

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.

Attack Vector: Network Privileges: High User Interaction: None

0