CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1593 matches found

Cvelist•added 2021/08/27 6:6 p.m.•17 views

CVE-2021-3264

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...

7.7AI score0.00255EPSS

Exploits1References1

CNVD•added 2021/08/27 12:0 a.m.•13 views

Electron Technologies FZC PopojiCMS Cross-Site Request Forgery Vulnerability

Electron Technologies FZC PopojiCMS is an open source content management system CMS based on the Popoji framework from Electron Technologies FZC. version 2.0.1 of Electron Technologies FZC PopojiCMS admin.php is vulnerable to cross-site request forgery. No detailed vulnerability details are...

4.3CVSS2.6AI score0.00098EPSS

Exploits1References1

NVD•added 2021/08/26 3:15 a.m.•8 views

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

8.8CVSS0.00239EPSS

Exploits1References1

OSV•added 2021/08/26 3:15 a.m.•0 views

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

8.8CVSS6AI score0.00239EPSS

Exploits1References1

Prion•added 2021/08/26 3:15 a.m.•9 views

Sql injection

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

6.5CVSS9.1AI score0.00239EPSS

Exploits1References1Affected Software1

CVE•added 2021/08/26 2:47 a.m.•48 views

CVE-2020-19821

DOYO CMS (DOYOCMS) 2.3 contains a SQL injection in admin.php reachable via the orders[] parameter, allowing attackers to execute arbitrary SQL commands. Root cause: improper handling/sanitization of the orders[] input leads to injection. Affected component: DOYOCMS 2.3; entry describes high-sever...

8.8CVSS9.1AI score0.00239EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/26 2:47 a.m.•11 views

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

9.2AI score0.00239EPSS

Exploits1References1

CNNVD•added 2021/08/26 12:0 a.m.•1 views

DOYO SQL注入漏洞

DOYO doyocms is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...

8.8CVSS8.5AI score0.00239EPSS

Exploits1References2

NVD•added 2021/08/25 8:15 p.m.•14 views

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

6.5CVSS0.00393EPSS

Exploits1References1

OSV•added 2021/08/25 8:15 p.m.•11 views

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

6.5CVSS6.8AI score

Exploits0References1

OSV•added 2021/08/25 8:15 p.m.•9 views

CVE-2020-18065

Cross Site Scripting XSS vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu...

5.4CVSS5.9AI score

Exploits0References1

Prion•added 2021/08/25 8:15 p.m.•10 views

Directory traversal

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

4CVSS6.5AI score0.00393EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/25 7:18 p.m.•9 views

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

6.5AI score0.00393EPSS

Exploits1References1

CVE•added 2021/08/25 7:18 p.m.•38 views

CVE-2020-19547

CVE-2020-19547 affects PopojiCMS 2.0.1, where a directory traversal vulnerability exists via the id parameter in admin.php. The issue is triggered over the network and is tied to an input path handling flaw in PopojiCMS’s admin interface, allowing potentially access to sensitive files. The connec...

6.5CVSS6.4AI score0.00393EPSS

Exploits1References1Affected Software1

CVE•added 2021/08/25 7:17 p.m.•34 views

CVE-2020-18065

CVE-2020-18065 affects PopojiCMS 2.0.1, specifically the admin.php?mod=menumanager functionality. The vulnerability is described as a Cross Site Scripting (XSS) issue; the connected documents do not provide technical details such as vulnerable function, input handling, or exploitation vectors. CV...

5.4CVSS5.2AI score0.00191EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/23 10:1 p.m.•14 views

CVE-2021-39599

Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...

6.3AI score0.00201EPSS

Exploits1References1

CVE•added 2021/08/23 10:1 p.m.•39 views

CVE-2021-39599

CVE-2021-39599 affects CXUUCMS 3.1, with multiple XSS vulnerabilities in public/search.php (search parameter) and admin.php (c parameter). The root cause is unsanitized input leading to client-side code execution. Impact is documented as XSS with potential impact on confidentiality/integrity depe...

6.1CVSS6.1AI score0.00201EPSS

Exploits1References1Affected Software1

wpexploit•added 2021/08/22 12:0 a.m.•109 views

Display users <= 2.0.0 - Authenticated SQL Injection

The Edit Role functionality in the plugin had an id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=display-users&tab=manage-role&action=edit&id=-4476+UNION+ALL+SELECT+NULL%2Cuser%28%29%2CNULL--+-...

7.2CVSS1.5AI score0.00567EPSS

Exploits2References1

Prion•added 2021/08/12 7:15 p.m.•9 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...

6CVSS8AI score0.00115EPSS

Exploits1References1Affected Software1

Prion•added 2021/08/12 6:15 p.m.•7 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in bycms v1.3 via admin.php/systems/index/moduleid/70/groupid/1.html...

6CVSS6.8AI score0.00147EPSS

Exploits1References1Affected Software1