WordPress Accessibility Suite by Ability, Inc plugin <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability

Authenticated Subscriber+ SQL Injection via 'scanid' Parameter vulnerability discovered by Victor Pasman in WordPress Plugin Accessibility Suite versions = 4.20...

Victor CMS SQL注入漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability, which stems from insufficient input validation for the catid parameter in the category.php file. This vulnerability may lead to SQL injection...

Victor CMS 跨站请求伪造漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a cross-site request forgeing vulnerability. This vulnerability allows attackers to perform unauthorized administrative operations...

Victor CMS SQL注入漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability. This vulnerability stems from post parameters that allow SQL injections, which may enable unverified attackers to manipulate database queries,...

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

CVE-2020-37073

Victor CMS 1.0 has an authenticated file-upload flaw in the user_image parameter. The vulnerability allows an administrator to upload arbitrary PHP files (a PHP shell) to the /img/ directory, enabling command execution when the uploaded file is accessed with a cmd parameter. The issue is describe...

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37072 Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVE-2020-37072 Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVE-2020-37072

Victor CMS 1.0 is affected by a stored cross-site scripting (XSS) flaw in the 'comment_author' POST parameter. The vulnerability allows an attacker to inject JavaScript that executes in a victim’s browser when comments are processed. Documented as CVE-2020-37072, the issue is described with a net...