117 matches found
CVE-2024-25297
CVE-2024-25297 is a Cross Site Scripting (XSS) vulnerability in Bludit CMS 3.15 exploitable via the endpoint edit-content.php . Multiple connected sources describe that remote attackers can execute arbitrary code and access sensitive information through this vector. Exploitation details in public...
Sql injection
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle function in admin/content.php...
CVE-2020-20413
CVE-2020-20413 affects WUZHICMS v4.1.0. A SQL injection in the checktitle() function of admin/content.php enables a remote attacker to execute arbitrary code. The vulnerability is described across multiple security feeds as a high-severity issue (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No...
CVE-2020-20413
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle function in admin/content.php...
CVE-2020-20122
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle function in /coreframe/app/content/admin/content.php...
Sql injection
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle function in /coreframe/app/content/admin/content.php...
Wuzhi WUZHI CMS SQL注入漏洞
WUZHI CMS WUZHI CMS is a high-performance open source content management system , support for LNAMP architecture , suitable for portals , corporate Web site , mobile site , microblogging promotion. WUZHI CMS 4.1.0 version of the /coreframe/app/content/admin/content.php in the checktitle function...
CVE-2020-23979
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter...
CVE-2020-23981
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter...
CVE-2020-23981
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter...
Cross site scripting
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter...
Sql injection
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter...
CVE-2020-23976
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter...
Sql injection
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter...
CVE-2020-23981
CVE-2020-23981 affects 13enforme CMS 1.0 with a Cross Site Scripting flaw in the content.php id parameter. The NVD entry lists CVSSv2/3.1 base scores of 4.3 (MEDIUM) and 6.1 (MEDIUM) respectively, indicating potential impact to confidentiality and integrity. No vendor/version-specific remediation...
CVE-2020-23981
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter...
CVE-2020-23979
CVE-2020-23979 affects 13enforme CMS 1.0, with a SQL Injection via the content.php id parameter. The NVD notes a Network attack vector, LOW complexity, no authentication, and partial confidentiality, integrity, and availability impacts (CVSS v2: 7.5 HIGH; CVSS v3.1: 9.8 CRITICAL). Connected docum...
CVE-2020-23979
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter...
CVE-2020-23976
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter...
CVE-2019-16988
In FusionPBX up to v4.5.7, the file app\basicoperatorpanel\resources\content.php uses an unsanitized "eavesdropdest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...