QianGeG/CVE

GitHub

github.com

Releases0

Stars1

cve Apply for

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-35510 ↗	May 28, 2024Tuesday, 28 May 2024, 20:16	9.8 CRITICAL	—
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-33749 ↗	May 6, 2024Monday, 6 May 2024, 13:15	9.1 CRITICAL	—
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
CVE-2024-22569 ↗	Jan 31, 2024Wednesday, 31 January 2024, 02:15	5.4 MEDIUM	—
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.
CVE-2024-22570 ↗	Jan 29, 2024Monday, 29 January 2024, 20:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-6772 ↗	Dec 13, 2023Wednesday, 13 December 2023, 19:15	4.7 MEDIUM	5.8 MEDIUM
A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908.
CVE-2023-46378 ↗	Oct 31, 2023Tuesday, 31 October 2023, 23:15	5.4 MEDIUM	—
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
CVE-2023-46040 ↗	Oct 31, 2023Tuesday, 31 October 2023, 02:15	5.4 MEDIUM	—
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.
CVE-2023-46042 ↗	Oct 19, 2023Thursday, 19 October 2023, 15:15	9.8 CRITICAL	—
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
CVE-2023-45909 ↗	Oct 18, 2023Wednesday, 18 October 2023, 23:15	6.1 MEDIUM	—
zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.
CVE-2023-42331 ↗	Sep 20, 2023Wednesday, 20 September 2023, 20:15	8.8 HIGH	—
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.
CVE-2023-5015 ↗	Sep 17, 2023Sunday, 17 September 2023, 02:15	3.5 LOW	4 MEDIUM
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239856.
CVE-2023-37049 ↗	Jul 26, 2023Wednesday, 26 July 2023, 13:15	6.5 MEDIUM	—
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.