Filtered by vendor Cmswing
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43736 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
|
|||||
| CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
|
|||||
| CVE-2020-24993 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
|
|||||
| CVE-2020-24992 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.
|
|||||
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
|
|||||
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
|
|||||
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
|
|||||
| CVE-2019-7649 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
|
|||||