Security Vulnerabilities - CVEs Published In October 2024
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.
CVSS Score: 4.7
EPSS Score: 0.001
Published: 2024-10-25
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2024-10-25
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS).
CVSS Score: 4.9
EPSS Score: 0.001
Published: 2024-10-25
Funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2024-10-25
Funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2024-10-25
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files.
CVSS Score: 4.9
EPSS Score: 0.001
Published: 2024-10-25
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2024-10-25
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2024-10-25
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2024-10-25
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2024-10-25

