Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-53821
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-07-14
CVE-2025-53820
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `erro` parameter. Version 3.4.5 contains a patch for the issue.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51655
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51656
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51657
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51658
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51659
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51660
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-14
CVE-2025-51650
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
CVSS Score
5.6
EPSS Score
0.001
Published
2025-07-14
CVE-2025-51651
An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-07-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved