7 matches found
CVE-2024-0425
ForU CMS (versions up to 2020-06-23) contains a vulnerability in /admin/index.php?act=reset_admin_psw that enables weak password recovery. The issue can be exploited remotely, and public disclosures exist. Several sources identify this as critical with remote access and potential impact to authen...
CVE-2023-5221
ForU CMS contains a code injection vulnerability in /install/index.php via manipulation of the db_name argument. The issue allows remote code execution and has been publicly disclosed. Impact is tied to confidentiality, integrity, and availability at HIGH/CRITICAL levels per CVE-2023-5221, with m...
CVE-2024-0426
CVE-2024-0426 affects ForU CMS older releases (up to 2020-06-23) via SQL injection in admin/cms_template.php by manipulating t_name/t_path. The issue enables remote exploitation with HIGH impact on confidentiality, integrity, and availability; the exploit has been disclosed publicly. Connected so...
CVE-2022-3943
CVE-2022-3943 ForU CMS involves a cross-site scripting vulnerability in the file cms_chip.php, caused by manipulation of the name/argument parameter. The issue is exploitable remotely and has been publicly disclosed (VDB-213450). Across connected sources, affected is an unknown function in cms_ch...
CVE-2023-5259
CVE-2023-5259 affects ForU CMS. The vulnerability is in /admin/cms_admin.php where manipulating the del parameter can cause a remote denial-of-service. The Red Hat entry confirms the same description. No version details or specific patch information are provided; the rolling-release nature of the...
CVE-2024-0729
CVE-2024-0729 pertains to ForU CMS, where the vulnerability exists in the file cms_admin.php and is triggered by manipulating the parameter a_name to cause a SQL injection. Affected versions are listed as up to 2020-06-23. The exploitation vector is not fully specified in the provided documents, ...
CVE-2024-0728
ForU CMS (up to 2020-06-23) contains a file inclusion vulnerability in channel.php triggered by manipulating the c_cmodel parameter. This affects an unknown functionality within channel.php and can be exploited remotely; the exploit has been disclosed publicly (VDB-251551). Several sources (NVD, ...