2 matches found
CVE-2022-33085
ESPCMS P8 is affected by an authenticated remote code execution (RCE) vulnerability in the fetch_filename function under espcms_public/espcms_templates/ESPCMS_Templates. The Red Hat advisory and related records corroborate the issue, describing an authenticated RCE path via that function. No prod...
CVE-2020-18913
CVE-2020-18913 affects EARCLINK ESPCMS-P8 with a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. The issue allows attackers to access sensitive database information. Public details cite both CVSS v2 (base score 5.0, MEDIUM) and CVSS v3.1 (base scor...