105 matches found
forkcms SQL Injection Vulnerability (CNVD-2022-25983)
forkcms is a CMS application. forkcms version 5.11.1 previously contained a SQL injection vulnerability that stemmed from a lack of validation of externally entered SQL statements in the ids parameter of blog comments. An attacker could use this vulnerability to execute illegal SQL commands t...
SQL Injection
forkcms/forkcms is vulnerable to SQL Injection attacks. The ids parameter in the getComments function is not properly sanitized, which allows a malicious user to inject and execute arbitrary SQL queries on the target system...
CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-1064 SQL injection through marking blog comments on bulk as spam in forkcms/forkcms
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-1064
Fork CMS (forkcms/forkcms) is affected by SQL injection in versions prior to 5.11.1, via the ids parameter in blog comments where bulk marking as spam enables injection. The root cause is lack of validation of externally entered SQL statements in that parameter. Consequences stated include potent...
SQL Injection
forkcms/forkcms is vulnerable to SQL Injection attacks. The vulnerability exists in the deleteData function in Model.php due to a lack of validation, which allows a malicious user to inject and execute arbitrary SQL queries on the server...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious JavaScript via the description of a new module due to a lack of validation...
forkcms SQL Injection Vulnerability
forkcms is a CMS application. forkcms version 5.11.1 previously contained a SQL injection vulnerability that stemmed from a lack of validation of externally entered SQL statements in the ids parameter of blog comments. An attacker could use this vulnerability to execute illegal SQL commands t...
Forkcms SQL Injection Vulnerability
forkcms is an open source CMS that uses Symfony components. forkcms is vulnerable to SQL injection, which can be exploited by attackers to tamper with database data...
CVE-2022-0153
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-0153
Fork CMS contains a SQL injection vulnerability in versions prior to 5.11.1. The issue occurs when deleting submissions that belong to a form created with the FormBuilder module, where the id[] parameter is vulnerable to SQL injection. The CVE-2022-0153 entry is corroborated by multiple sources (...
CVE-2022-0153 SQL Injection in forkcms/forkcms
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-0145
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-0145 Cross-site Scripting (XSS) - Stored in forkcms/forkcms
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1...
forkcms SQL Injection Vulnerability
forkcms is an open source CMS that uses Symfony components. forkcms is vulnerable to SQL injection, which can be exploited by attackers to tamper with database data...
Reflected XSS
Description: Privacy Consent in ForkCMS v 5.11.0 Setting unsanitized user input resulting in Reflected XSS. Proof of Concept: Endpoint: 1. http://IP/private/en/settings/index Step: 1. Login to ForkCMS 2. Go to Settings - General 3. Insert payload on "Technical Name" user input at "Privacy Consent" panel...
Cross-site Scripting (XSS) - Stored in friends-of-forkcms/fork-cms-module-commerce
Description: In the admin section in Commerce - Shop settings - Stock statuses - Edit stock statuses one can add XSS payloads. After adding XSS payloads, when a user is visiting Commerce - Shop settings - Stock statuses the JavaScript code will be run. Proof of Concept: Go to Commerce - Shop setting...