|
208931
|
9.8 |
CRITICAL
Network
|
puppycms
|
puppycms
|
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-18890
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208932
|
7.5 |
HIGH
Network
|
puppycms
|
puppycms
|
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.
|
CWE-862
Missing Authorization
|
CVE-2020-18888
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208933
|
6.5 |
MEDIUM
Network
|
puppycms
|
puppycms
|
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-18889
|
2024-11-21 14:08 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208934
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19114
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208935
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19113
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208936
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19112
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208937
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
|
CWE-287
Improper Authentication
|
CVE-2020-19111
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208938
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19110
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208939
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19109
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208940
|
9.8 |
CRITICAL
Network
|
projectworlds
|
online_book_store_project_in_php
|
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-19108
|
2024-11-21 14:08 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
