arterli/CmsWing
GitHub
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 9.8 CRITICAL | 7.5 HIGH | ||
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | |||
| 5.4 MEDIUM | 3.5 LOW | ||
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module. | |||
| 5.4 MEDIUM | 3.5 LOW | ||
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | |||
| — | 5 MEDIUM | ||
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. | |||