6 matches found
CVE-2022-28524
ED01-CMS v20180505 contains a SQL injection in the component post.php due to lack of validation of externally entered SQL statements. This allows an attacker to execute arbitrary SQL commands on the database, potentially compromising data confidentiality, integrity, and availability. CVSS data fr...
CVE-2022-28525
CVE-2022-28525 affects ED01-CMS v20180505. The vulnerability is an arbitrary file upload via /admin/users.php?source=edit_user&id=1, indicating insecure handling of file uploads in the user edit functionality. According to the records, the CVSS metrics (2.0/3.1) show a network-based, low-effort p...
CVE-2024-30890
CVE-2024-30890 affects ED01-CMS v1.0 with a Cross Site Scripting vulnerability in the categories.php component. The issue could allow an attacker to obtain sensitive information from ED01-CMS, as described in multiple sources. There are no exploitation details in the provided documents, only that...
CVE-2020-18261
CVE-2020-18261 affects ED01-CMS v1.0. An arbitrary file upload vulnerability in the image upload function allows attackers to execute arbitrary commands. The connected documents confirm the affected product and the underlying issue (unvalidated file upload) but do not provide remediation details ...
CVE-2020-18259
ED01-CMS v1.0 contains a reflected XSS in the sposts.php component. Adversaries can inject arbitrary scripts/HTML via crafted payloads in the Post title or Post content, which are reflected and may affect page/script contexts. The CVE-2020-18259 entry cites this vulnerability with both NVD and ot...
CVE-2020-18262
CVE-2020-18262 affects ED01-CMS v1.0. The vulnerability is a SQL injection in the cposts.php component via the cid parameter, reported across multiple sources. According to the provided data, this leads to high/severe impact (CVSSv2 base 7.5, CVSSv3.1 base 9.8) with network access and no authenti...