CVE-2021-43735
- EPSS 0.48%
- Published 23.03.2022 16:15:08
- Last modified 21.11.2024 06:29:41
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
CVE-2021-43736
- EPSS 2.9%
- Published 23.03.2022 16:15:08
- Last modified 21.11.2024 06:29:41
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule.
CVE-2020-24992
- EPSS 0.17%
- Published 17.05.2021 19:15:07
- Last modified 21.11.2024 05:16:23
There is a cross-site scripting vulnerability in CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.
CVE-2020-24993
- EPSS 0.17%
- Published 17.05.2021 19:15:07
- Last modified 21.11.2024 05:16:24
There is a cross-site scripting vulnerability in CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
CVE-2020-20294
- EPSS 1.46%
- Published 01.02.2021 18:15:13
- Last modified 21.11.2024 05:12:00
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
CVE-2020-20295
- EPSS 0.51%
- Published 01.02.2021 18:15:13
- Last modified 21.11.2024 05:12:00
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
CVE-2020-20296
- EPSS 0.51%
- Published 01.02.2021 18:15:13
- Last modified 21.11.2024 05:12:00
An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
CVE-2019-7649
- EPSS 0.12%
- Published 17.02.2019 21:29:00
- Last modified 21.11.2024 04:48:27
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.