Lucene search
+L
Dswjcms ProjectDswjcms

4 matches found

cve
cve
added 2021/09/09 5:44 p.m.52 views

CVE-2020-19267

CVE-2020-19267 affects Dswjcms 1.6.4. The issue resides in index.php/Dswjcms/Basis/resources, where lack of validation/escaping enables an attacker to upload a crafted PHP file and achieve arbitrary code execution. Impact: remote code execution via file upload. Affected/product details are limite...

9.8CVSS9.5AI score0.01603EPSS
cve
cve
added 2021/09/09 5:44 p.m.49 views

CVE-2020-19265

The provided documents confirm a stored cross-site scripting (XSS) vulnerability in Dswjcms 1.6.4, specifically in the index.php/Dswjcms/Basis/links component. The root cause is lack of proper validation/escaping of input parameters in that component, enabling attackers to store and execute arbit...

6.1CVSS5.9AI score0.00641EPSS
cve
cve
added 2021/09/09 5:44 p.m.41 views

CVE-2020-19268

CVE-2020-19268: CSRF in Dswjcms 1.6.4 (endpoint index.php/Dswjcms/User/tfAdd) allows authenticated attackers to arbitrarily add administrator users. Root cause: insufficient parameter validation/CSRF protection on tfAdd. Impact: unauthorized privilege escalation to admin. Exploitation details are...

5.7CVSS5.5AI score0.00306EPSS
cve
cve
added 2021/09/09 5:44 p.m.40 views

CVE-2020-19266

A stored XSS vulnerability exists in Dswjcms 1.6.4, specifically in index.php/Dswjcms/Site/articleList, allowing attackers to execute arbitrary web scripts/HTML. The root cause is lack of input validation/escaping for the affected parameter. No explicit exploitation details or remediation are pro...

6.1CVSS5.9AI score0.00641EPSS