lolipop1234/XXD

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-21649 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	8.1 HIGH	5.5 MEDIUM
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.
CVE-2020-21650 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	8.8 HIGH	6.5 MEDIUM
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.
CVE-2020-21651 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	9.8 CRITICAL	7.5 HIGH
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.
CVE-2020-21652 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	9.8 CRITICAL	7.5 HIGH
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.
CVE-2020-21653 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	9.1 CRITICAL	6.4 MEDIUM
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method.
CVE-2019-17417 ↗	Oct 10, 2019Thursday, 10 October 2019, 01:06	4.8 MEDIUM	3.5 LOW
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2019-16704 ↗	Sep 23, 2019Monday, 23 September 2019, 04:15	4.8 MEDIUM	3.5 LOW
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.