27 matches found
EUVD-2020-24204
Malware in sbrugna...
CVE-2020-21881
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post...
Cross site request forgery (CSRF)
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...
CVE-2020-36763
CVE-2020-36763 involves a Cross-Site Scripting (XSS) flaw in DuxCMS 2.1. The issue allows remote attackers to execute arbitrary scripts by manipulating the content, time, and copyfrom parameters when adding or editing a post. Root cause: insufficient input validation/escaping in these fields. I...
DuxCMS Cross-Site Request Forgery Vulnerability
DuxCMS is an open source content management system. A cross-site request forgery vulnerability exists in DuxCMS version 2.1, which originates from admin.php that allows remote attackers to modify application data via article/admin/content/add...
CVE-2020-21881
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...
CVE-2020-21881
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...
CVE-2020-21881
DuxCMS 2.1 contains a Cross Site Request Forgery (CSRF) vulnerability in admin.php (endpoint article/admin/content/add) that allows remote attackers to modify application data. The issue is documented across multiple sources (e.g., CVE-2020-21881) with remediation guidance suggesting CSRF token v...
CVE-2020-21862
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del...
CVE-2020-21862
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del...
CVE-2020-21861
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload...
Directory traversal
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del...
Unrestricted file upload
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload...
CVE-2020-21861
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload...
CVE-2020-21861
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload...
PT-2023-11605 · Duxcms · Duxcms
Name of the Vulnerable Software and Affected Versions: DuxCMS version 2.1 Description: A directory traversal issue allows attackers to delete arbitrary files via the /admin/AdminBackup/del API endpoint. This enables attackers to potentially disrupt system functionality or destroy sensitive data...
CVE-2020-21862
CVE-2020-21862 is a directory traversal vulnerability in DuxCMS 2.1 that allows an attacker to delete arbitrary files via the /admin/AdminBackup/del endpoint. The issue is rooted in a traversal flaw in the AdminBackup API, enabling unauthorized file deletion and potential data loss. Public detail...
CVE-2020-21861
CVE-2020-21861 concerns DuxCMS 2.1 with a file upload vulnerability in duxcms/AdminUpload/upload that allows attackers to execute arbitrary PHP code. The affected software is DuxCMS 2.1; the vulnerable trigger is the AdminUpload/upload endpoint, enabling arbitrary code execution with high impact ...
CVE-2020-21862
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del...