| 210141 | 9.8 | CRITICAL | Network | dedecms | dedecms | An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-18114 | 2024-11-21 14:08 | 2021-08-28 |
| 210142 | 9.8 | CRITICAL | Network | wms_project | wms | The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. | CWE-89 SQL Injection | CVE-2020-18106 | 2024-11-21 14:08 | 2021-08-28 |
| 210143 | 6.1 | MEDIUM | Network | jupo | mezzanine | Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than … | CWE-79 Cross-site Scripting | CVE-2020-19002 | 2024-11-21 14:08 | 2021-08-28 |
| 210144 | 9.8 | CRITICAL | Network | simiki_project | simiki | Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | CWE-77 Command Injection | CVE-2020-19001 | 2024-11-21 14:08 | 2021-08-28 |
| 210145 | 6.1 | MEDIUM | Network | simiki_project | simiki | Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'. | CWE-79 Cross-site Scripting | CVE-2020-19000 | 2024-11-21 14:08 | 2021-08-28 |
| 210146 | 6.1 | MEDIUM | Network | blog_mini_project | blog_mini | Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. | CWE-79 Cross-site Scripting | CVE-2020-18999 | 2024-11-21 14:08 | 2021-08-28 |
| 210147 | 6.1 | MEDIUM | Network | blog_mini_project | blog_mini | Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. | CWE-79 Cross-site Scripting | CVE-2020-18998 | 2024-11-21 14:08 | 2021-08-28 |
| 210148 | 8.8 | HIGH | Network | hucart | hucart | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | CWE-89 SQL Injection | CVE-2020-18477 | 2024-11-21 14:08 | 2021-08-27 |
| 210149 | 8.8 | HIGH | Network | hucart | hucart | SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | CWE-89 SQL Injection | CVE-2020-18476 | 2024-11-21 14:08 | 2021-08-27 |
| 210150 | 5.4 | MEDIUM | Network | hucart | hucart | A Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other user… | CWE-79 Cross-site Scripting | CVE-2020-18475 | 2024-11-21 14:08 | 2021-08-27 |