Lucene search
K
Ed01-cms ProjectEd01-cms

6 matches found

CVE
CVE
added 2022/04/26 8:29 p.m.77 views

CVE-2022-28524

ED01-CMS v20180505 contains a SQL injection in the component post.php due to lack of validation of externally entered SQL statements. This allows an attacker to execute arbitrary SQL commands on the database, potentially compromising data confidentiality, integrity, and availability. CVSS data fr...

9.8CVSS9.8AI score0.00899EPSS
CVE
CVE
added 2022/04/26 8:29 p.m.76 views

CVE-2022-28525

CVE-2022-28525 affects ED01-CMS v20180505. The vulnerability is an arbitrary file upload via /admin/users.php?source=edit_user&id=1, indicating insecure handling of file uploads in the user edit functionality. According to the records, the CVSS metrics (2.0/3.1) show a network-based, low-effort p...

8.8CVSS8.8AI score0.00974EPSS
Web
CVE
CVE
added 2024/04/25 12:0 a.m.64 views

CVE-2024-30890

CVE-2024-30890 affects ED01-CMS v1.0 with a Cross Site Scripting vulnerability in the categories.php component. The issue could allow an attacker to obtain sensitive information from ED01-CMS, as described in multiple sources. There are no exploitation details in the provided documents, only that...

4.7CVSS5.9AI score0.00447EPSS
CVE
CVE
added 2021/11/03 5:57 p.m.48 views

CVE-2020-18261

CVE-2020-18261 affects ED01-CMS v1.0. An arbitrary file upload vulnerability in the image upload function allows attackers to execute arbitrary commands. The connected documents confirm the affected product and the underlying issue (unvalidated file upload) but do not provide remediation details ...

9.8CVSS9.6AI score0.01329EPSS
CVE
CVE
added 2021/11/03 5:57 p.m.44 views

CVE-2020-18259

ED01-CMS v1.0 contains a reflected XSS in the sposts.php component. Adversaries can inject arbitrary scripts/HTML via crafted payloads in the Post title or Post content, which are reflected and may affect page/script contexts. The CVE-2020-18259 entry cites this vulnerability with both NVD and ot...

6.1CVSS5.9AI score0.00621EPSS
CVE
CVE
added 2021/11/03 5:57 p.m.39 views

CVE-2020-18262

CVE-2020-18262 affects ED01-CMS v1.0. The vulnerability is a SQL injection in the cposts.php component via the cid parameter, reported across multiple sources. According to the provided data, this leads to high/severe impact (CVSSv2 base 7.5, CVSSv3.1 base 9.8) with network access and no authenti...

9.8CVSS9.7AI score0.00956EPSS