CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

245 matches found

NVD•added 2023/06/20 3:15 p.m.•13 views

CVE-2020-21489

File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...

9.8CVSS9.6AI score0.01664EPSS

Exploits1References1

NVD•added 2023/06/14 2:15 p.m.•12 views

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

9.8CVSS9.9AI score0.30198EPSS

Exploits1References3

NVD•added 2023/06/14 2:15 p.m.•9 views

CVE-2023-34756

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit...

9.8CVSS9.9AI score0.33243EPSS

Exploits1References1

Prion•added 2023/06/14 2:15 p.m.•11 views

Sql injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit...

7.5CVSS9.8AI score0.33243EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/06/14 12:0 a.m.•214 views

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

10AI score0.30198EPSS

Exploits1References3

CVE•added 2023/06/14 12:0 a.m.•49 views

CVE-2023-34754

Affected software: bloofox CMS 0.5.2.1. Vulnerability: SQL injection in the pid parameter of admin/index.php?mode=settings&page=plugins&action=edit. Root cause: input from pid is used in SQL without sufficient sanitization (CWE-89). Impact: arbitrary SQL queries, potentially leading to data leaka...

9.8CVSS9.8AI score0.12801EPSS

Exploits1References1Affected Software1

CNNVD•added 2023/06/07 12:0 a.m.•3 views

WordPress Plugin Page Builder: KingComposer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Page Builder: KingComposer...

8.8CVSS8AI score0.0055EPSS

Exploits1References5

NVD•added 2022/06/16 12:15 p.m.•8 views

CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...

9.8CVSS0.00286EPSS

Exploits1References1

Cvelist•added 2022/06/16 11:22 a.m.•17 views

CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...

10AI score0.00286EPSS

Exploits1References1

Github Security Blog•added 2022/05/24 5:21 p.m.•12 views

NukeViet Cross-Site Request Forgery (CSRF)

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...

8.8CVSS7.2AI score0.00159EPSS

Exploits1References4Affected Software1

NVD•added 2022/02/24 3:15 p.m.•8 views

CVE-2021-44610

Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the 1 URLs, 2 langid, 3 tmplid, 4 modrewrite 5 etadoctype. 6 metacharset, 7 defaultgroup, and 8 page group parameters in the settings mode in admin/index.php...

9.8CVSS0.00706EPSS

Exploits1References1

Prion•added 2022/02/24 3:15 p.m.•7 views

Sql injection

7.5CVSS9.9AI score0.00706EPSS

Exploits1References1Affected Software1

CVE•added 2021/12/27 8:32 p.m.•47 views

CVE-2020-20946

CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...

5.4CVSS5.2AI score0.00354EPSS

Exploits1References2Affected Software1

NVD•added 2021/09/28 11:15 p.m.•8 views

CVE-2020-20124

Wuzhi CMS v4.1.0 contains a remote code execution RCE vulnerability in \attachment\admin\index.php...

8.8CVSS0.03146EPSS

Exploits1References2

CNVD•added 2021/09/17 12:0 a.m.•19 views

WUZHI CMS SQL Injection Vulnerability (CNVD-2021-99300)

WUZHI CMS Five Fingers CMS is a high-performance open source content management system that supports LNAMP architecture, suitable for portals, enterprise websites, mobile sites, microsoft promotion. Attackers can use the keywords parameter in coreframe/app/promote/admin/index.php vulnerability fo...

9.8CVSS3.3AI score0.00264EPSS

Exploits1References1

NVD•added 2021/09/16 7:15 p.m.•9 views

CVE-2021-40669

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file...

9.8CVSS0.00264EPSS

Exploits1References1

Cvelist•added 2021/09/16 6:2 p.m.•6 views

CVE-2021-40669

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file...

10AI score0.00264EPSS

Exploits1References1

Prion•added 2021/08/20 2:15 p.m.•13 views

Sql injection

SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'...

5CVSS7.7AI score0.00227EPSS

Exploits1References1Affected Software1

NVD•added 2021/07/30 2:15 p.m.•12 views

CVE-2020-18157

Cross Site Request Forgery CSRF vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php...

8.8CVSS0.00112EPSS

Exploits1References1

Cvelist•added 2021/07/29 4:17 p.m.•12 views

CVE-2020-18157

Cross Site Request Forgery CSRF vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php...

8.8AI score0.00112EPSS

Exploits1References1