|
210971
|
8.8 |
HIGH
Network
|
pbootcms
|
pbootcms
|
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
|
CWE-352
Origin Validation Error
|
CVE-2020-20971
|
2024-11-21 14:12 |
2022-06-2 |
|
|
|
|
|
210972
|
8.1 |
HIGH
Network
|
tinyrise
|
tinyshop
|
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.
|
NVD-CWE-noinfo
|
CVE-2020-21554
|
2024-11-21 14:12 |
2022-03-26 |
|
|
|
|
|
210973
|
9.8 |
CRITICAL
Network
|
chshcms
|
cscms
|
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-21238
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210974
|
9.8 |
CRITICAL
Network
|
8cms
|
ljcms
|
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-21237
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210975
|
8.8 |
HIGH
Network
|
damicms
|
damicms
|
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
|
CWE-352
Origin Validation Error
|
CVE-2020-21236
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210976
|
7.5 |
HIGH
Network
|
jeecg
|
jeecg
|
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-20948
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210977
|
5.4 |
MEDIUM
Network
|
qibosoft
|
qibosoft
|
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20946
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210978
|
8.8 |
HIGH
Network
|
qibosoft
|
qibosoft
|
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
|
CWE-352
Origin Validation Error
|
CVE-2020-20945
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210979
|
9.1 |
CRITICAL
Network
|
qibosoft
|
qibosoft
|
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
|
CWE-22
Path Traversal
|
CVE-2020-20944
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|
|
210980
|
4.3 |
MEDIUM
Network
|
qibosoft
|
qibosoft
|
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
|
CWE-352
Origin Validation Error
|
CVE-2020-20943
|
2024-11-21 14:12 |
2021-12-28 |
|
|
|
|