Vulnerabilities (CVE)

Filtered by vendor Cmswing Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43736 1 Cmswing 1 Cmswing 2024-02-28 7.5 HIGH 9.8 CRITICAL
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
CVE-2021-43735 1 Cmswing 1 Cmswing 2024-02-28 7.5 HIGH 9.8 CRITICAL
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
CVE-2020-24993 1 Cmswing 1 Cmswing 2024-02-28 3.5 LOW 5.4 MEDIUM
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
CVE-2020-24992 1 Cmswing 1 Cmswing 2024-02-28 3.5 LOW 5.4 MEDIUM
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.
CVE-2020-20295 1 Cmswing 1 Cmswing 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
CVE-2020-20294 1 Cmswing 1 Cmswing 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
CVE-2020-20296 1 Cmswing 1 Cmswing 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
CVE-2019-7649 1 Cmswing 1 Cmswing 2024-02-28 5.0 MEDIUM 7.5 HIGH
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.