|
211021
|
6.1 |
MEDIUM
Network
|
hotels_server_project
|
hotels_server
|
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18102
|
2024-11-21 14:08 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211022
|
9.8 |
CRITICAL
Network
|
puppycms
|
puppycms
|
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-18890
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211023
|
7.5 |
HIGH
Network
|
puppycms
|
puppycms
|
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.
|
CWE-862
Missing Authorization
|
CVE-2020-18888
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211024
|
6.5 |
MEDIUM
Network
|
puppycms
|
puppycms
|
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-18889
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211025
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19114
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211026
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19113
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211027
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19112
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211028
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
|
CWE-287
Improper Authentication
|
CVE-2020-19111
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211029
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19110
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211030
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19109
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
