4 matches found
Sql injection
A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information...
CVE-2020-20583
CVE-2020-20583 affects LJCMS, specifically the vulnerable endpoint /question.php in Version v4.3.R60321. The root cause is a SQL injection flaw that allows attackers to access sensitive database information. The available documents do not specify an exploit method, active exploitation, or confirm...
Cross site request forgery (csrf)
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery CSRF. The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3...
CVE-2019-1010112
OECMS v4.3.R60321 and later is affected by a Cross Site Request Forgery (CSRF) vulnerability in admincp.php. The attack vector is network connectivity, and the impact is that a victim could be tricked into adding an administrator account. The fixed version is v4.3. This CVE entry corresponds to C...