Vulnerabilities (CVE)

Filtered by vendor Comsenz Subscribe
Filtered by product Duomicms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18084 1 Comsenz 1 Duomicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
CVE-2018-18083 1 Comsenz 1 Duomicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.