4 matches found
CVE-2020-19267
CVE-2020-19267 affects Dswjcms 1.6.4. The issue resides in index.php/Dswjcms/Basis/resources, where lack of validation/escaping enables an attacker to upload a crafted PHP file and achieve arbitrary code execution. Impact: remote code execution via file upload. Affected/product details are limite...
CVE-2020-19265
The provided documents confirm a stored cross-site scripting (XSS) vulnerability in Dswjcms 1.6.4, specifically in the index.php/Dswjcms/Basis/links component. The root cause is lack of proper validation/escaping of input parameters in that component, enabling attackers to store and execute arbit...
CVE-2020-19268
CVE-2020-19268: CSRF in Dswjcms 1.6.4 (endpoint index.php/Dswjcms/User/tfAdd) allows authenticated attackers to arbitrarily add administrator users. Root cause: insufficient parameter validation/CSRF protection on tfAdd. Impact: unauthorized privilege escalation to admin. Exploitation details are...
CVE-2020-19266
A stored XSS vulnerability exists in Dswjcms 1.6.4, specifically in index.php/Dswjcms/Site/articleList, allowing attackers to execute arbitrary web scripts/HTML. The root cause is lack of input validation/escaping for the affected parameter. No explicit exploitation details or remediation are pro...