3 matches found
CVE-2022-32101
CVE-2022-32101 affects kkcms v1.3.7. The vulnerability is a SQL injection in the cid parameter of /template/wapian/vlist.php, caused by insufficient input filtering. Documents from multiple sources describe that an attacker can execute arbitrary SQL to access or exfiltrate data, potentially compr...
CVE-2019-16706
The CVE-2019-16706 entry concerns kkcms v1.3, where a CSRF vulnerability allows an attacker to add a new user via admin/cms_user_add.php. The vulnerability affects the CMS component responsible for user management and is evidenced by multiple feeds (NVD entry notes CSRF with impact to confidentia...
CVE-2019-16923
CVE-2019-16923 affects kkcms 1.3 and is described as an XSS via the parameter jx.php?url=. The connected Red Hat and NVD records corroborate the same description (kkcms 1.3 has jx.php?url= XSS). Details on affected versions beyond 1.3, exact impact, exploit status, or remediation are not provided...