CVE-2019-18816
- EPSS 0.33%
- Veröffentlicht 07.11.2019 17:15:15
- Zuletzt bearbeitet 21.11.2024 04:33:37
po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.
CVE-2019-9549
- EPSS 0.14%
- Veröffentlicht 03.03.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:50
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.
CVE-2018-18934
- EPSS 0.13%
- Veröffentlicht 05.11.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:54
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be ex...
CVE-2018-18935
- EPSS 0.12%
- Veröffentlicht 05.11.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:54
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.
CVE-2018-18936
- EPSS 0.55%
- Veröffentlicht 05.11.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:54
An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.