Lucene search
K

4335 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45427

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit topic.php. Such manipulation of the argument topic id leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45405

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45406

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update ss img.php. The manipulation of the argument topic id results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

itsourcecode Content Management System SQL注入漏洞

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the topicid parameter in the...

6.5CVSS6.6AI score0.002EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

itsourcecode Content Management System SQL注入漏洞

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the topicid parameter in the file...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SystemParamController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from the SQL injection in the Query function of the SystemDictController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/31 11:30 p.m.11 views

CVE-2026-10203 OFCMS JSON Query SystemParamController.java query sql injection

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/31 4:15 p.m.13 views

EUVD-2026-33515

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.23 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21915

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.12 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 4:16 p.m.16 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 4:16 p.m.21 views

CVE-2026-43935

e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...

8.1CVSS0.00297EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 3:1 p.m.9 views

CVE-2026-43935

e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...

8.1CVSS5.8AI score0.00297EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/26 2:51 p.m.10 views

EUVD-2026-31847

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:51 p.m.9 views

CVE-2026-43936

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43268

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Joomla! CMS 授权问题漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has authorization-related vulnerabilities, which stem from insufficient state checks, allowing bypasses of 2FA authentication...

8.2CVSS5.8AI score0.00297EPSS
Exploits0References1
Rows per page
Query Builder