CVE-2022-44089

CVE-2022-44089 affects ESPCMS P8.21120101, with a remote code execution (RCE) via the IS_GETCACHE component. The entry shows a NETWORK attack vector, LOW attack complexity, and no privileges or user interaction required, resulting in HIGH confidentiality, integrity, and availability impacts (CVSS...

CVE-2020-18404

CVE-2020-18404 affects espcms version P8.18101601. Multiple connected sources (NVD, RH, CNNVD, PRION, etc.) confirm a cross-site scripting (XSS) vulnerability that allows arbitrary code execution via the title parameter. The root cause is an input handling flaw in the title field leading to scrip...

CVE-2022-44087

CVE-2022-44087 affects ESPCMS P8.21120101 with a remote code execution (RCE) in the UPFILE_PIC_ZOOM_HIGHT component. The issue has a high severity (CVSS v3.1: 9.8, CRITICAL) with Network attack vector, no authentication required, no user interaction, and impact to confidentiality, integrity, and ...

CVE-2022-44088

ESPCMS P8.21120101 has a remote code execution (RCE) vulnerability in the INPUT_ISDESCRIPTION component (CVE-2022-44088). According to the CVE records, the issue is rated CRITICAL (CVSS v3.1: 9.8) with NETWORK attack vector, no privileges required, no user interaction, and impact on confidentiali...

CVE-2023-23007

The CVE-2023-23007 entry concerns ESPCMS P8.21120101, where a SQL injection vulnerability exists in the function node used for adding members after logging into the backend. The issue is documented across multiple connected sources, confirming the vulnerable component and the root cause (SQL inje...