Security Vulnerabilities - CVEs Published In October 2024
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-10-25
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2024-10-25
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2024-10-25
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-10-25
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.
CVSS Score: 4.7 | EPSS Score: 0.001 | Published: 2024-10-25
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2024-10-25
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2024-10-25
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-10-25
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-10-25
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2024-10-25

