|
209521
|
9.8 |
CRITICAL
Network
|
dotcms
|
dotcms
|
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19138
|
2024-11-21 14:08 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209522
|
7.5 |
HIGH
Network
|
autumn_project
|
autumn
|
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-19137
|
2024-11-21 14:08 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209523
|
7.5 |
HIGH
Network
|
simplesystems
debian
|
libtiff
debian_linux
|
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
|
CWE-787
Out-of-bounds Write
|
CVE-2020-19131
|
2024-11-21 14:08 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209524
|
9.8 |
CRITICAL
Network
|
bertanddip
|
craigms
|
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.
|
CWE-77
Command Injection
|
CVE-2020-18048
|
2024-11-21 14:08 |
2021-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209525
|
5.4 |
MEDIUM
Network
|
mybb
|
mybb
|
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST …
|
CWE-79
Cross-site Scripting
|
CVE-2020-19049
|
2024-11-21 14:08 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209526
|
5.4 |
MEDIUM
Network
|
mybb
|
mybb
|
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP r…
|
CWE-79
Cross-site Scripting
|
CVE-2020-19048
|
2024-11-21 14:08 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209527
|
8.8 |
HIGH
Network
|
iwebshop
|
iwebshop
|
Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
|
CWE-352
Origin Validation Error
|
CVE-2020-19047
|
2024-11-21 14:08 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209528
|
5.4 |
MEDIUM
Network
|
s-cms
|
s-cms
|
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19046
|
2024-11-21 14:08 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209529
|
6.5 |
MEDIUM
Network
|
indexhibit
|
indexhibit
|
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.
|
CWE-22
Path Traversal
|
CVE-2020-18127
|
2024-11-21 14:08 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209530
|
5.4 |
MEDIUM
Network
|
indexhibit
|
indexhibit
|
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18126
|
2024-11-21 14:08 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
