162 matches found
GHSA-W53M-GXVG-VX7P Contao can disclose sensitive information in the news module
Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...
CVE-2020-27377
A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...
CVE-2020-22765
Cross Site Scripting XSS vulnerability in NukeViet cms 4.4.0 via the editor in the News module...
CVE-2010-4663
Unspecified vulnerability in the News module in CMS Made Simple CMSMS before 1.9.1 has unknown impact and attack vectors...
TYPO 3.16.0 SQL Injection
TYPO version 3.16.0 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : TYPO 3.16.0 Code Injection Vulnerability | | Author : indoushka | | Tested...
TYPO3 News Module SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TYPO3 News Module SQL Injection', 'Description' = %q This module exploits a SQL Injection vulnerability In TYPO3 NewsController.php in the news...
CMS Made Simple Cross-Site Scripting Vulnerability
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based permission management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...
CMS Made Simple <= 2.2.15 SQLi Vulnerability
CMS Made Simple is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-40961
CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.adminarticlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '...
CVE-2021-40961
CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.adminarticlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '...
CMS Made Simple SQL注入漏洞
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based permission management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...
CVE-2021-40961
CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.adminarticlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '...
PT-2022-11348 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions 2.2.15 and earlier Description: The issue concerns SQL injection in the modules/News/function.admin articlestab.php file. Specifically, the $sortby variable is concatenated with $query1, allowing for the injection of...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/news/save validation of external input...
NukeViet Cross-site Scripting via the editor in the News module
Cross Site Scripting XSS vulnerability in NukeViet cms 4.4.0 via the editor in the News module...
GHSA-6J4J-22QG-9FFM NukeViet Cross-site Scripting via the editor in the News module
Cross Site Scripting XSS vulnerability in NukeViet cms 4.4.0 via the editor in the News module...
CVE-2022-27369
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component newsNews.phphy...