|
209041
|
6.1 |
MEDIUM
Network
|
lepton-cms
|
leptoncms
|
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24872
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209042
|
6.5 |
MEDIUM
Network
|
cms-dev
|
cms
|
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-24804
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209043
|
7.5 |
HIGH
Network
|
nexusphp
|
nexusphp
|
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
|
CWE-863
Incorrect Authorization
|
CVE-2020-24771
|
2024-11-21 14:16 |
2022-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209044
|
9.8 |
CRITICAL
Network
|
nexusphp
|
nexusphp
|
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-24770
|
2024-11-21 14:16 |
2022-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209045
|
9.8 |
CRITICAL
Network
|
nexusphp
|
nexusphp
|
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
|
CWE-89
SQL Injection
|
CVE-2020-24769
|
2024-11-21 14:16 |
2022-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209046
|
8.8 |
HIGH
Network
|
clash_project
|
clash
|
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. …
|
CWE-346
Origin Validation Error
|
CVE-2020-24772
|
2024-11-21 14:16 |
2022-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209047
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
|
NVD-CWE-noinfo
|
CVE-2020-24743
|
2024-11-21 14:16 |
2021-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209048
|
9.8 |
CRITICAL
Network
|
sourcecodester
|
complaint_management_system
|
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
|
CWE-89
SQL Injection
|
CVE-2020-24932
|
2024-11-21 14:16 |
2021-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209049
|
8.1 |
HIGH
Network
|
wuzhicms
|
wuzhicms
|
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attacke…
|
NVD-CWE-noinfo
|
CVE-2020-24930
|
2024-11-21 14:16 |
2021-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209050
|
7.8 |
HIGH
Local
|
qt
|
qt
|
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
|
NVD-CWE-noinfo
|
CVE-2020-24742
|
2024-11-21 14:16 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
