3 matches found
CVE-2019-16309
FlameCMS 3.3.5 has an SQL injection in account/login.php via the accountName parameter. The root cause is a lack of input validation for SQL statements in a database-backed application, enabling an attacker to execute arbitrary SQL commands. This CVE (CVE-2019-16309) is corroborated by multiple s...
CVE-2020-20797
FlameCMS 3.3.5 contains a time-based blind SQL injection in /account/register.php. Root cause: insufficient input validation/escaping allows SQL execution via parameters. Rated as high impact on multiple CIA (confidentiality, integrity, availability) properties per CVSSv3.1 (CRITICAL, 9.8) and CVSSv2 (HIGH, 7.5). Exploitation details are not provide...
CVE-2020-20796
CVE-2020-20796 affects FlameCMS 3.3.5. A SQL injection vulnerability exists in master/article.php via the Id parameter, enabling potentially harmful database access. The issue is rated as high/critical (CVSS 3.1: 9.8; CVSS 2.0: 7.5), with network-vector exposure and no...