4 matches found
CVE-2020-20583
CVE-2020-20583 affects LJCMS, specifically the vulnerable endpoint /question.php in version v4.3.R60321. The root cause is a SQL injection flaw that allows attackers to access sensitive database information. The available documents do not specify an exploit method, active exploitation, or confirm...
CVE-2020-21237
CVE-2020-21237 affects LJCMS v1.11 and is due to a login-box vulnerability that allows brute-force attempts to hijack user accounts. The available documents explicitly describe a lack of effective protection against brute-force login, enabling account hijacking. No concrete patch details, affecte...
CVE-2020-20979
CVE-2020-20979 concerns an arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3, allowing attackers to execute arbitrary code. Affected software: LJCMS v4.3. Root cause: improper handling in the file upload process via move_uploaded_file. Impact: arbitrary code e...
CVE-2020-20735
CVE-2020-20735 affects LJCMS v4.3.R60321. Public sources in the connected documents describe a file upload vulnerability in ljcms/index.php that allows a remote attacker to execute arbitrary code, with CVSS v3.1 metrics indicating Network impact, no privileges required, no user interaction, and a...