|
198121
|
9.8 |
CRITICAL
Network
|
bloofox
|
bloofoxcms
|
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36082
|
2024-11-21 14:28 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198122
|
8.8 |
HIGH
Network
|
wuzhicms
|
wuzhicms
|
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
|
NVD-CWE-noinfo
|
CVE-2020-36037
|
2024-11-21 14:28 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198123
|
9.8 |
CRITICAL
Network
|
school_faculty_scheduling_system_project
|
school_faculty_scheduling_system
|
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via craft…
|
CWE-89
SQL Injection
|
CVE-2020-36034
|
2024-11-21 14:28 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198124
|
5.5 |
MEDIUM
Local
|
freedesktop
|
poppler
|
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-36024
|
2024-11-21 14:28 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198125
|
6.5 |
MEDIUM
Network
|
freedesktop
|
poppler
|
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-36023
|
2024-11-21 14:28 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198126
|
8.8 |
HIGH
Network
|
flycms_project
|
flycms
|
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
|
CWE-352
Origin Validation Error
|
CVE-2020-36065
|
2024-11-21 14:28 |
2023-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198127
|
9.8 |
CRITICAL
Network
|
thecontrolgroup
|
voyager
|
Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-36070
|
2024-11-21 14:28 |
2023-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198128
|
8.8 |
HIGH
Network
|
tailor_mangement_system_project
|
tailor_mangement_system
|
SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file
|
CWE-89
SQL Injection
|
CVE-2020-36077
|
2024-11-21 14:28 |
2023-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198129
|
8.8 |
HIGH
Network
|
tailor_mangement_system_project
|
tailor_mangement_system
|
SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter.
|
CWE-89
SQL Injection
|
CVE-2020-36074
|
2024-11-21 14:28 |
2023-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198130
|
8.8 |
HIGH
Network
|
tailor_management_system_project
|
tailor_management_system
|
SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page.
|
CWE-89
SQL Injection
|
CVE-2020-36073
|
2024-11-21 14:28 |
2023-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
