CVE-2018-20589

The CVE-2018-20589 entry concerns Ivan Cordoba Generic Content Management System (CMS) up to 2018-04-28, affected by a cross-site scripting (XSS) flaw in Administrator/add_pictures.php that relies on an article ID. Technical detail across connected sources specifies the vulnerability as XSS in th...

CVE-2018-20590

CVE-2018-20590 affects the Ivan Cordoba Generic Content Management System (CMS) up to 2018-04-28. The vulnerability is a Cross-Site Scripting (XSS) flaw in the file or path used by the Administrator/users.php user ID. The linked CNVD entry describes that the XSS can allow execution of arbitrary J...

CVE-2018-20569

The CVE-2018-20569 entry applies to the Ivan Cordoba Generic Content Management System (CMS) and concerns a SQL injection vulnerability in the file user/index.php up to 2018-04-28. The root cause is improper input handling in the authentication logic, enabling a bypass of authentication. If explo...

CVE-2018-20568

The CVE-2018-20568 entry concerns Ivan Cordoba Generic Content Management System (CMS). The vulnerability is a SQL injection in Administrator/index.php up to 2018-04-28 that can bypass authentication. Connected sources confirm the affected component and the root cause but do not provide a concret...