• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2020-18917

February 26, 2023 by

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker’s control.

CVE-2020-18964

February 26, 2023 by

Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.

CVE-2020-18648

February 26, 2023 by

Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component “JuQingCMS_v1.0/admin/index.php?c=administrator&a=add”.

CVE-2020-18694

February 26, 2023 by

Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component “/admin/profile/save_profile”.

CVE-2020-18454

February 26, 2023 by

Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.

CVE-2020-18457

February 26, 2023 by

Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 150
  • Go to page 151
  • Go to page 152
  • Go to page 153
  • Go to page 154
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE