CVE-2022-25494
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
Source: CVE-2022-25494
[월:] 2022년 03월
CVE-2022-25493
CVE-2022-25493
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.
Source: CVE-2022-25493
CVE-2022-25497
CVE-2022-25497
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Source: CVE-2022-25497
CVE-2022-25495
CVE-2022-25495
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
Source: CVE-2022-25495
CVE-2022-25487
CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.
Source: CVE-2022-25487
CVE-2022-25498
CVE-2022-25498
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
Source: CVE-2022-25498
CVE-2022-25485
CVE-2022-25485
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
Source: CVE-2022-25485
CVE-2022-25486
CVE-2022-25486
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
Source: CVE-2022-25486
CVE-2022-25489
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.
Source: CVE-2022-25489
CVE-2022-25488
CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
Source: CVE-2022-25488