8 matches found
Atom CMS 2.0 SQL Injection
Exploit Title: Atom CMS v2.0 - SQL Injection no auth
Date: 15/10/2022
Exploit Author: Hubert Wojciechowski
Contact Author: [email protected]
Vendor Homepage: https://github.com/thedigicraft/Atom.CMS
Software Link: https://github.com/thedigicraft/Atom.CMS
Version: 2.0
Tested on: Windows 10...
CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php...
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...
SQL injection
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...
Cross site scripting
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...
CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php...
CVE-2022-25488
Atom CMS v2.0 contains a SQL injection via the id parameter in /admin/ajax/avatar.php. The vulnerability arises from unsafely concatenated SQL in this endpoint, enabling arbitrary SQL execution and potentially data disclosure or modification. Public descriptions from multiple sources corroborate ...
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...