14 matches found
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...
CVE-2024-45264
A cross-site request forgery CSRF vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges...
CVE-2024-45264
A cross-site request forgery CSRF vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges...
CVE-2024-45264
A cross-site request forgery CSRF vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges...
CVE-2024-45264
A cross-site request forgery CSRF vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges...
SkySystem Arfa-CMS 安全漏洞
SkySystem Arfa-CMS is a content management system from SkySystem, Inc. A security vulnerability exists in SkySystem Arfa-CMS version 5.1.3124 and prior versions, which stems from a cross-site request forgery CSRF vulnerability in the admin panel...
CVE-2024-45264
A cross-site request forgery CSRF vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges...
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...
CVE-2024-45265
CVE-2024-45265 affects SkySystem Arfa-CMS before 5.1.3124. The vulnerability is a SQL injection in the poll component, exploitable via the psid parameter to allow remote attackers to execute arbitrary SQL commands. Root cause is improper handling of user-supplied psid data in the poll module, lea...
The vulnerability of the Arfa-CMS content management system, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.
The vulnerability of the Arfa-CMS content management system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the Arfa-CMS content management system lies in the lack of measures taken to protect the SQL query structure, allowing for the execution of arbitrary SQL queries.
The vulnerability of the Arfa-CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...