|
211011
|
9.8 |
CRITICAL
Network
|
eyoucms
|
eyoucms
|
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2020-24000
|
2024-11-21 14:14 |
2021-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211012
|
9.6 |
CRITICAL
Network
|
php-fusion
|
phpfusion
|
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23754
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211013
|
9.6 |
CRITICAL
Network
|
zibbs_project
|
zibbs
|
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23719
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211014
|
9.6 |
CRITICAL
Network
|
zibbs_project
|
zibbs
|
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23718
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211015
|
8.8 |
HIGH
Network
|
ayacms_project
|
ayacms
|
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
|
CWE-352
Origin Validation Error
|
CVE-2020-23686
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211016
|
9.8 |
CRITICAL
Network
|
vtimecn
|
188jianzhan
|
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
|
CWE-89
SQL Injection
|
CVE-2020-23685
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211017
|
5.3 |
MEDIUM
Network
|
discourse
|
discourse
|
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24327
|
2024-11-21 14:14 |
2021-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211018
|
8.1 |
HIGH
Network
|
ponzu-cms
|
ponzu
|
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accoun…
|
CWE-352
Origin Validation Error
|
CVE-2020-24130
|
2024-11-21 14:14 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211019
|
6.5 |
MEDIUM
Network
|
ok-file-formats_project
|
ok-file-formats
|
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS)…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23707
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211020
|
6.5 |
MEDIUM
Network
|
ok-file-formats_project
|
ok-file-formats
|
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23706
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
