|
213171
|
9.8 |
CRITICAL
Network
|
8cms
|
ljcms
|
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-20979
|
2024-11-21 14:12 |
2021-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213172
|
5.4 |
MEDIUM
Network
|
ukcms
|
ukcms
|
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20977
|
2024-11-21 14:12 |
2021-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213173
|
9.8 |
CRITICAL
Network
|
gxlcms
|
gxlcms
|
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
|
CWE-89
SQL Injection
|
CVE-2020-20975
|
2024-11-21 14:12 |
2021-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213174
|
6.5 |
MEDIUM
Network
|
maccms
|
maccms
|
An arbitrary file deletion vulnerability exists within Maccms10.
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-21363
|
2024-11-21 14:12 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213175
|
5.4 |
MEDIUM
Network
|
maccms
|
maccms
|
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21362
|
2024-11-21 14:12 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213176
|
9.8 |
CRITICAL
Network
|
maccms
|
maccms
|
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the en…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21359
|
2024-11-21 14:12 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213177
|
8.8 |
HIGH
Network
|
newsone_cms_project
|
newsone_cms
|
An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21976
|
2024-11-21 14:12 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213178
|
5.4 |
MEDIUM
Network
|
eyoucms
|
eyoucms
|
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21930
|
2024-11-21 14:12 |
2021-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213179
|
5.4 |
MEDIUM
Network
|
eyoucms
|
eyoucms
|
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21929
|
2024-11-21 14:12 |
2021-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213180
|
6.5 |
MEDIUM
Network
|
ffmpeg
debian
|
ffmpeg
debian_linux
|
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
|
CWE-416
Use After Free
|
CVE-2020-21697
|
2024-11-21 14:12 |
2021-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
