|
211131
|
5.3 |
MEDIUM
Network
|
popojicms
|
popojicms
|
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-21356
|
2024-11-21 14:12 |
2021-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211132
|
5.4 |
MEDIUM
Network
|
get-simple
|
getsimplecms
|
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets mod…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21353
|
2024-11-21 14:12 |
2021-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211133
|
6.1 |
MEDIUM
Network
|
tidesec
|
wdscanner
|
Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21854
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211134
|
9.8 |
CRITICAL
Network
|
nukeviet
|
nukeviet
|
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
|
CWE-89
SQL Injection
|
CVE-2020-21809
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211135
|
9.8 |
CRITICAL
Network
|
nukeviet
|
nukeviet
|
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php.
|
CWE-89
SQL Injection
|
CVE-2020-21808
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211136
|
9.8 |
CRITICAL
Network
|
ectouch
|
ectouch
|
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php..
|
CWE-89
SQL Injection
|
CVE-2020-21806
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211137
|
4.8 |
MEDIUM
Network
|
s-cms
|
s-cms
|
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20701
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211138
|
4.8 |
MEDIUM
Network
|
s-cms
|
s-cms
|
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text …
|
CWE-79
Cross-site Scripting
|
CVE-2020-20700
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211139
|
4.8 |
MEDIUM
Network
|
s-cms
|
s-cms
|
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20699
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211140
|
7.2 |
HIGH
Network
|
s-cms
|
s-cms
|
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
|
CWE-862
Missing Authorization
|
CVE-2020-20698
|
2024-11-21 14:12 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
