24 matches found
CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
CVE-2020-23966
Victor CMS 1.0 is affected by a SQL Injection in the post parameter of /post.php via crafted GET requests. The vulnerability allows an attacker to execute arbitrary commands, with CVSS 3.1 base score 9.8 (CRITICAL) and impacts to confidentiality, integrity, and availability (C:H, I:H, A:H). Root ...
CVE-2020-23966
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request...
Victor CMS 1.0 Shell Upload
Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...
Victor CMS 1.0 - File Upload To RCE
Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...
Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
Exploit Title: Victor CMS 1.0 - Multiple SQL Injection Authenticated Date: 17.12.2020 Exploit Author: Furkan Göksel Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Description: The Victor CMS v1.0...
Victor CMS 1.0 SQL Injection
Exploit Title: Victor CMS 1.0 - Multiple SQL Injection Authenticated Date: 17.12.2020 Exploit Author: Furkan Göksel Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Description: The Victor CMS v1.0...
Victor CMS SQL注入漏洞
Victor CMS is a simple content management system. Victor CMS 1.0 suffers from a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the 'search' parameter on the search.php page...
Victor CMS 1.0 - 'Search' SQL Injection
Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection Date: 2020-08-04 Exploit Author: Edo Maland Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: XAMPP / Windows 10...
Victor CMS 1.0 - (Search) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection Exploit Author: Edo Maland Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: XAMPP ...
Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting
Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...
Victor CMS 1.0 - (user_firstname) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
Cross site scripting
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
Victor CMS 1.0 - (add_user) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'adduser' Persistent Cross-Site Scripting Exploit Author: Nitya Nand Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1....
Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting
Exploit Title: Victor CMS 1.0 - 'adduser' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-23 Exploit Author: Nitya Nand Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Linux C...
Victor CMS 1.0 - Authenticated Arbitrary File Upload
Exploit Title: Victor CMS 1.0 - Authenticated Arbitrary File Upload Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on:...
Victor CMS 1.0 - 'cat_id' SQL Injection
Exploit Title: Victor CMS 1.0 - 'catid' SQL Injection Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10...
Victor CMS 1.0 - (comment_author) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'commentauthor' Persistent Cross-Site Scripting Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:...