Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information

xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.