An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
9.8CVSS
9.6AI Score
0.008EPSS
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
9.8CVSS
9.8AI Score
0.005EPSS