CVE-2021-37293
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
Source: CVE-2021-37293
[월:] 2022년 04월
CVE-2021-37292
CVE-2021-37292
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.
Source: CVE-2021-37292
CVE-2021-37291
CVE-2021-37291
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
Source: CVE-2021-37291
CVE-2021-40219
CVE-2021-40219
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
Source: CVE-2021-40219
CVE-2022-1023
CVE-2022-1023
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file
Source: CVE-2022-1023
CVE-2022-27111
CVE-2022-27111
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
Source: CVE-2022-27111
CVE-2022-27156
CVE-2022-27156
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
Source: CVE-2022-27156
CVE-2022-1008
CVE-2022-1008
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed
Source: CVE-2022-1008
CVE-2022-27115
CVE-2022-27115
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
Source: CVE-2022-27115
CVE-2022-0531
CVE-2022-0531
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting
Source: CVE-2022-0531