163 matches found

Vulnrichment
added 2024/05/14 2:45 p.m. · 13 views

CVE-2024-34256

OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function...

AI score: 8.1 · EPSS: 0.00654
Exploits: 1 · References: 1

CVE
added 2024/05/14 2:45 p.m. · 52 views

CVE-2024-34256

CVE-2024-34256 affects OFCMS V1.1.2 and is caused by SQL Injection via the new table function in OFCMS. Multiple sources (NVD, CVE listings, Red Hat, CNNVD, PT Security) consistently describe a high-severity issue with potential total impact if exploited, but exploitation details and confirmed at...

CVSS: 9.8 · AI score: 8 · EPSS: 0.00654
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/05/14 2:45 p.m. · 21 views

CVE-2024-34256

OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function...

AI score: 8 · EPSS: 0.00654
Exploits: 1 · References: 1

Positive Technologies
added 2024/05/14 12:00 a.m. · 2 views

PT-2024-25773 · Ofcms · Ofcms

Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2
Description: The issue allows for SQL Injection via the new table function.
Recommendations: For OFCMS version 1.1.2, update to a version that fixes this issue; however, at the moment there is no information about a newer...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00654
Exploits: 1 · References: 3

Prion
added 2024/01/16 11:15 p.m. · 18 views

Cross site scripting

Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component...

CVSS: 4.9 · AI score: 6.2 · EPSS: 0.0045
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/01/16 12:00 a.m. · 3 views

CVE-2023-51807

Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component...

AI score: 5.1 · EPSS: 0.0045
Exploits: 1 · References: 3

CNNVD
added 2024/01/16 12:00 a.m. · 2 views

OFCMS Security Vulnerabilities

Zhongtian Network Technology OFCMS is a content management system (CMS) developed in the Java language by China Zhongtian Network Technology Company. A security vulnerability exists in OFCMS version v.1.14, which stems from the presence of a cross-site scripting vulnerability that allows remote attacke...

CVSS: 5.4 · AI score: 6 · EPSS: 0.0045
Exploits: 1 · References: 2

CVE
added 2024/01/16 12:00 a.m. · 36 views

CVE-2023-51807

CVE-2023-51807 is an XSS vulnerability in OFCMS v1.14. A remote attacker can obtain sensitive information by sending a crafted payload to the title addition component. CVSSv3.1 base score 5.4 (Network, Low attack complexity, Privileges Required: Low, User Interaction: Required, Scope: Changed; Co...

CVSS: 5.4 · AI score: 5.1 · EPSS: 0.0045
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/03/16 2:15 a.m. · 2 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.00842
Exploits: 1 · References: 2

NVD
added 2023/03/16 2:15 a.m. · 9 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00842
Exploits: 1 · References: 2

Prion
added 2023/03/16 2:15 a.m. · 15 views

Design/Logic Flaw

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS: 6.5 · AI score: 8.7 · EPSS: 0.00842
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/03/16 12:00 a.m. · 3 views

PT-2023-19768 · Ofcms · Ofcms

Name of the Vulnerable Software and Affected Versions: Ofcms version 1.1.4
Description: An issue in Ofcms allows a remote attacker to escalate privileges via the respwd method in SysUserController.
Recommendations: For Ofcms version 1.1.4, consider disabling the respwd method in SysUserController...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00842
Exploits: 1 · References: 5

CVE
added 2023/03/16 12:00 a.m. · 50 views

CVE-2023-24760

CVE-2023-24760 affects Ofcms v1.1.4, allowing a remote attacker to escalate privileges via the respwd method in SysUserController. Affected component is Ofcms (web CMS); root cause described as improper access control in respwd. The NVD entry reports CVSSv3.1 base score 8.8 (Network, Low complexi...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00842
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/03/16 12:00 a.m. · 7 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

AI score: 8.8 · EPSS: 0.00842
Exploits: 1 · References: 2

Cvelist
added 2023/03/16 12:00 a.m. · 16 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

AI score: 8.9 · EPSS: 0.00842
Exploits: 1 · References: 2

CNVD
added 2022/06/09 12:00 a.m. · 10 views

OFCMS Cross-Site Scripting Vulnerability

OFCMS is a content management system (CMS) developed by China Zhongtian Network Technology Company using the Java language. OFCMS v1.1.4 has a cross-site scripting vulnerability, which originates from a lack of data validation and filtering in the component /admin/comn/service/update.json for user-supplied...

CVSS: 4.3 · AI score: 2.5 · EPSS: 0.00528
Exploits: 0 · Affected Software: 1

OSV
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-29653

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00528
Exploits: 0 · References: 1

NVD
added 2022/06/02 2:15 p.m. · 14 views

CVE-2022-29653

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...

CVSS: 6.1 · EPSS: 0.00528
Exploits: 0 · References: 1

Prion
added 2022/06/02 2:15 p.m. · 17 views

Cross site scripting

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...

CVSS: 4.3 · AI score: 6 · EPSS: 0.00528
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/06/02 12:00 a.m. · 3 views

OFCMS Cross-Site Scripting Vulnerability

OFCMS is a content management system (CMS) developed by China Zhongtian Network Technology Company using the Java language. OFCMS v1.1.4 has a cross-site scripting vulnerability, which originates from a lack of data validation and filtering in the component /admin/comn/service/update.json for user-supplied...

CVSS: 6.1 · AI score: 5.2 · EPSS: 0.00528
Exploits: 0 · References: 2