|
213581
|
6.5 |
MEDIUM
Network
|
puppycms
|
puppycms
|
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-18889
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213582
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19114
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213583
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19113
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213584
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19112
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213585
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
|
CWE-287
Improper Authentication
|
CVE-2020-19111
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213586
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19110
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213587
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19109
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213588
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19108
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213589
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19107
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213590
|
6.1 |
MEDIUM
Network
|
yzmcms
|
yzmcms
|
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html…
|
CWE-79
Cross-site Scripting
|
CVE-2020-18084
|
2024-11-21 14:08 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
