Lucene search
+L

7 matches found

nvd
nvd
added 2023/12/08 3:15 p.m.20 views

CVE-2023-49444

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...

5.4CVSS0.0051EPSS
Exploits1References1
nvd
nvd
added 2023/12/08 3:15 p.m.25 views

CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...

9.8CVSS0.00815EPSS
Exploits1References1
prion
prion
added 2023/12/08 3:15 p.m.14 views

Default credentials

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...

7.5CVSS7.8AI score0.00815EPSS
Exploits1References1Affected Software1
prion
prion
added 2023/12/08 3:15 p.m.18 views

Privilege escalation

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...

4.9CVSS7.9AI score0.0051EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2023/12/08 12:0 a.m.28 views

CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...

9.8AI score0.00815EPSS
Exploits1References1
cvelist
cvelist
added 2023/12/08 12:0 a.m.27 views

CVE-2023-49444

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...

6.3AI score0.0051EPSS
Exploits1References1
cve
cve
added 2022/03/20 6:34 p.m.84 views

CVE-2022-25464

CVE-2022-25464 is a stored XSS vulnerability in DoraCMS v2.1.8 affecting the component /admin/contenttemp. The issue allows an attacker to inject arbitrary scripts/HTML via a crafted payload. Public details place CVSSv3.1 base score at 4.8 (MEDIUM) with network access, low attack complexity, user...

4.8CVSS4.9AI score0.00435EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder