16 matches found
EUVD-2020-20590
Malware in sbrugna...
CVE-2020-28102
cscms v4.1 allows for SQL injection via the "jsdel" function...
CVE-2020-28103
cscms v4.1 allows for SQL injection via the "pagedel" function...
CVE-2020-28102
cscms v4.1 allows for SQL injection via the "jsdel" function...
Sql injection
cscms v4.1 allows for SQL injection via the "pagedel" function...
CVE-2020-28103
cscms v4.1 allows for SQL injection via the "pagedel" function...
CVE-2020-28103
CVE-2020-28103 affects cscms v4.1 and enables SQL injection through the page_del/page delete function. Root cause: improper input handling leading to SQL injection. CVSS 3.1 base score 9.8 (CRITICAL), NETWORK, no authentication, no user interaction. Exploitation details are not provided in the co...
CVE-2020-28102
cscms v4.1 allows for SQL injection via the "jsdel" function...
CVE-2020-22848
A remote code execution RCE vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands...
Remote code execution
A remote code execution RCE vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands...
CVE-2020-22848
CVE-2020-22848 affects cscms v4.1, specifically the Playsong.php component. An RCE vulnerability allows an attacker to execute arbitrary commands on affected systems. The connected documents consistently describe remote code execution via Playsong.php but do not provide specific exploit details, ...
CVE-2020-22848
A remote code execution RCE vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands...
CVE-2018-11527
An issue was discovered in CScms v4.1. A Cross-site request forgery CSRF vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpasssave...
Cross site request forgery (csrf)
An issue was discovered in CScms v4.1. A Cross-site request forgery CSRF vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpasssave...
CVE-2018-11527
An issue was discovered in CScms v4.1. A Cross-site request forgery CSRF vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpasssave...
CVE-2018-11527
CVE-2018-11527 affects CScms v4.1, where a Cross-site request forgery (CSRF) in plugins/sys/admin/Sys.php allows remote attackers to change the administrator’s username and password via /admin.php/sys/editpass_save. Exploitation details are not provided beyond the path, but the vulnerability enab...