Show filters
233 Total Results
Displaying 71-80 of 233
Sort by:
Attacker Value
Unknown

CVE-2020-21516

Disclosure Date: September 06, 2022 (last updated February 24, 2025)
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-36168

Disclosure Date: August 26, 2022 (last updated February 24, 2025)
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-36578

Disclosure Date: August 19, 2022 (last updated February 24, 2025)
jizhicms v2.3.1 has SQL injection in the background.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-36577

Disclosure Date: August 19, 2022 (last updated February 24, 2025)
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-36224

Disclosure Date: August 19, 2022 (last updated February 24, 2025)
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-19896

Disclosure Date: June 28, 2022 (last updated February 24, 2025)
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-33121

Disclosure Date: June 24, 2022 (last updated February 24, 2025)
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-41654

Disclosure Date: June 16, 2022 (last updated February 23, 2025)
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-41663

Disclosure Date: June 13, 2022 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31393

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >