j0k3rsec/vuln_repo

j0k3rsec/vuln_repo

Releases0

Stars6

vulnerability

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-19954 ↗	Oct 14, 2021Thursday, 14 October 2021, 15:15	7.5 HIGH	5 MEDIUM
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
CVE-2020-19957 ↗	Oct 14, 2021Thursday, 14 October 2021, 15:15	7.5 HIGH	5 MEDIUM
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
CVE-2020-19959 ↗	Oct 14, 2021Thursday, 14 October 2021, 15:15	7.5 HIGH	5 MEDIUM
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
CVE-2020-19960 ↗	Oct 14, 2021Thursday, 14 October 2021, 15:15	7.5 HIGH	5 MEDIUM
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
CVE-2020-19961 ↗	Oct 14, 2021Thursday, 14 October 2021, 15:15	7.5 HIGH	5 MEDIUM
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
CVE-2020-19962 ↗	Oct 14, 2021Thursday, 14 October 2021, 15:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
CVE-2019-13969 ↗	Jul 19, 2019Friday, 19 July 2019, 06:15	—	6.5 MEDIUM
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.