CVE-2020-23979
13enforme CMS 1.0 has SQL Injection via the ‘content.php’ id parameter.
Source: CVE-2020-23979
[월:] 2020년 08월
CVE-2020-23982
CVE-2020-23982
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the ‘certificate.php’
Source: CVE-2020-23982
CVE-2020-23984
CVE-2020-23984
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
Source: CVE-2020-23984
CVE-2020-23978
CVE-2020-23978
SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"
Source: CVE-2020-23978
CVE-2020-23977
CVE-2020-23977
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the ‘team.php,player.php,club.php’ id parameter.
Source: CVE-2020-23977
CVE-2020-23976
CVE-2020-23976
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the ‘content.php’ id parameter.
Source: CVE-2020-23976
CVE-2020-23975
CVE-2020-23975
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the ‘search.php’ id parameter.
Source: CVE-2020-23975
CVE-2020-23974
CVE-2020-23974
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags).
Source: CVE-2020-23974
CVE-2020-23973
CVE-2020-23973
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the ‘team.php,player.php,club.php’ id parameter.
Source: CVE-2020-23973
CVE-2020-23972
CVE-2020-23972
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.
Source: CVE-2020-23972