75 matches found
CVE-2021-43735
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...
Remote code execution
CmsWing CMS 1.3.7 is affected by a Remote Code Execution RCE vulnerability via parameter: log rule...
Code injection
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...
CVE-2021-43736
CmsWing CMS 1.3.7 is affected by a Remote Code Execution RCE vulnerability via parameter: log rule...
CVE-2021-43736
The vulnerability concerns CmsWing CMS 1.3.7 , where a Remote Code Execution (RCE) can be triggered through a vulnerable logging parameter path (described as a log rule). The available documents identify the affected product and the root cause as a misused or injectable logging rule parameter but...
CVE-2021-43735
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...
CVE-2021-43735
CmsWing 1.3.7 is affected by a SQL injection vulnerability in the behavior rule parameter. The root cause is insufficient escaping/ filtering of SQL data in these parameters, allowing potential unauthorized SQL execution. Impact is described as exposing or altering database data (high severity pe...
CMSWing SQL注入漏洞
CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL.A SQL injection vulnerability exists in CMSWing version 1.3.7, which stems from the lack of filtering escapes for SQL data in the behavior rules of the parameters. An attacker could use this vulnerability to execute...
CMSWing 参数注入漏洞
CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL. A security vulnerability exists in CMSWing version 1.3.7, which stems from a logging rule in a parameter that can lead to a remote code execution vulnerability...
CMSWing Cross-Site Scripting Vulnerability (CNVD-2021-37204)
CMSWing is an e-commerce platform and CMS building system based on ThinkJS and MySQL. A cross-site scripting vulnerability exists in CmsWing version 1.3.7, which stems from a vulnerability that is triggered when a visitor accesses the Articles module. No detailed vulnerability details are availab...
CMSWing Cross-Site Scripting Vulnerability
CMSWing is an e-commerce platform and CMS building system based on ThinkJS and MySQL. A cross-site scripting vulnerability exists in CmsWing version 1.3.7, which stems from a vulnerability that is triggered when an administrator accesses the content management module. No detailed vulnerability...
CVE-2020-24993
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when visitors access the article module...
CVE-2020-24992
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when an administrator accesses the content management module...
CVE-2020-24992
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when an administrator accesses the content management module...
CVE-2020-24993
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when visitors access the article module...
Cross site scripting
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when visitors access the article module...
Cross site scripting
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when an administrator accesses the content management module...
CVE-2020-24993
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when visitors access the article module...
CVE-2020-24993
Technical details of CVE-2020-24993 are not publicly provided in the supplied documents. Monitor for updates from vendors and advisories; no specifics on affected components, exploit method, or fixes are given here.
CVE-2020-24992
CVE-2020-24992 affects CmsWing 1.3.7. The connected Red Hat/CNVD/CNNVD and CVE aggregations confirm a stored cross-site scripting (XSS) vulnerability that is triggered when an administrator accesses the content management module. The available descriptions consistently state the vulnerability typ...