Filtered by vendor Cmswing
Subscribe
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43736 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | |||||
CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | |||||
CVE-2020-24993 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module. | |||||
CVE-2020-24992 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module. | |||||
CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | |||||
CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | |||||
CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | |||||
CVE-2019-7649 | 1 Cmswing | 1 Cmswing | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. |