Filtered by vendor Cmswing
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-43736 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | ||||
CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | ||||
CVE-2020-24993 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 5.4 Medium |
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module. | ||||
CVE-2020-24992 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 5.4 Medium |
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module. | ||||
CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | ||||
CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | ||||
CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | ||||
CVE-2019-7649 | 1 Cmswing | 1 Cmswing | 2024-11-21 | N/A |
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. |
Page 1 of 1.