|
210951
|
9.8 |
CRITICAL
Network
|
publiccms
|
publiccms
|
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.
|
CWE-89
SQL Injection
|
CVE-2020-20915
|
2024-11-21 14:12 |
2023-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210952
|
9.8 |
CRITICAL
Network
|
publiccms
|
publiccms
|
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.
|
CWE-89
SQL Injection
|
CVE-2020-20914
|
2024-11-21 14:12 |
2023-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210953
|
9.8 |
CRITICAL
Network
|
mingsoft
|
mcms
|
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
|
CWE-89
SQL Injection
|
CVE-2020-20913
|
2024-11-21 14:12 |
2023-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210954
|
6.1 |
MEDIUM
Network
|
kitesky
|
kitecms
|
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20522
|
2024-11-21 14:12 |
2023-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210955
|
6.1 |
MEDIUM
Network
|
kitesky
|
kitecms
|
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20521
|
2024-11-21 14:12 |
2023-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210956
|
9.8 |
CRITICAL
Network
|
uqcms
|
uqcms
|
SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.
|
CWE-89
SQL Injection
|
CVE-2020-21120
|
2024-11-21 14:12 |
2023-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210957
|
9.8 |
CRITICAL
Network
|
kliqqi
|
kliqqi_cms
|
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-21119
|
2024-11-21 14:12 |
2023-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210958
|
9.8 |
CRITICAL
Network
|
inxedu
|
inxedu
|
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.
|
CWE-89
SQL Injection
|
CVE-2020-21152
|
2024-11-21 14:12 |
2023-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210959
|
6.1 |
MEDIUM
Network
|
netgate
|
pfsense
acme
|
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certific…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21219
|
2024-11-21 14:12 |
2022-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210960
|
6.1 |
MEDIUM
Network
|
feehi
|
feehicms
|
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20589
|
2024-11-21 14:12 |
2022-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
