CVE-2020-20701

A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Source: CVE-2020-20701

CVE-2020-21806

SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php..

Source: CVE-2020-21806

CVE-2020-22761

Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.

Source: CVE-2020-22761

CVE-2020-21809

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.

Source: CVE-2020-21809

CVE-2020-20698

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

Source: CVE-2020-20698

CVE-2020-19118

Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.

Source: CVE-2020-19118

CVE-2020-21854

Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page.

Source: CVE-2020-21854

CVE-2020-18175

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.

Source: CVE-2020-18175

CVE-2020-10590

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

Source: CVE-2020-10590

CVE-2020-14999

A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data.

Source: CVE-2020-14999