Cmswing Security Vulnerabilities

CVE-2019-7649

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.

7.5 CVSS

7.6 AI Score

0.004 EPSS

2019-02-17 09:29 PM

CVE-2020-20294

An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.

9.8 CVSS

9.6 AI Score

0.004 EPSS

2021-02-01 06:15 PM

CVE-2020-20295

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.

9.8 CVSS

9.8 AI Score

0.004 EPSS

2021-02-01 06:15 PM

CVE-2020-20296

An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.

9.8 CVSS

9.8 AI Score

0.004 EPSS

2021-02-01 06:15 PM

CVE-2020-24992

There is a cross-site scripting vulnerability in CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.

5.4 CVSS

5.3 AI Score

0.001 EPSS

2021-05-17 07:15 PM

CVE-2020-24993

There is a cross-site scripting vulnerability in CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.

5.4 CVSS

5.3 AI Score

0.001 EPSS

2021-05-17 07:15 PM

CVE-2021-43735

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-03-23 04:15 PM

CVE-2021-43736

CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule.

9.8 CVSS

9.7 AI Score

0.006 EPSS

2022-03-23 04:15 PM