Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363801 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20392 | 1 Txjia | 1 Imcat | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | ||||
| CVE-2020-20391 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. | ||||
| CVE-2020-20389 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. | ||||
| CVE-2020-20363 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.8 Medium |
| Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. | ||||
| CVE-2020-20349 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 5.4 Medium |
| WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. | ||||
| CVE-2020-20348 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 5.4 Medium |
| WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. | ||||
| CVE-2020-20347 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 5.4 Medium |
| WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. | ||||
| CVE-2020-20345 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 5.4 Medium |
| WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. | ||||
| CVE-2020-20344 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 5.4 Medium |
| WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. | ||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 6.5 Medium |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | ||||
| CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 High |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | ||||
| CVE-2020-20340 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | ||||
| CVE-2020-20300 | 1 Weiphp | 1 Weiphp | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | ||||
| CVE-2020-20299 | 1 Weiphp | 1 Weiphp | 2024-11-21 | 7.5 High |
| WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | ||||
| CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
| An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | ||||
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
| An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | ||||
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
| An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | ||||
| CVE-2020-20290 | 1 Yccms | 1 Yccms | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability. | ||||
| CVE-2020-20289 | 1 Yccms | 1 Yccms | 2024-11-21 | 9.8 Critical |
| Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability. | ||||