Lucene search

MitreCVELIST:CVE-2020-35597

HistoryJun 16, 2022 - 6:26 p.m.

CVE-2020-35597

2022-06-1618:26:22

mitre

www.cve.org

victor cms

sql injection

admin_edit_comment.php

admin_edit_post.php

admin_edit_user.php

admin_update_categories.php

c_id parameter

p_id parameter

u_id parameter

edit parameter

cve-2020-35597

AI Score

9.1

Confidence

High

EPSS

0.018

Percentile

88.5%

JSON

Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

References

cxsecurity.com/issue/WLB-2020120118

github.com/VictorAlagwu/CMSsite/issues/16

www.exploit-db.com/exploits/49282