Cmswing: >> Cmswing Security Vulnerabilities
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-03-23
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
CVSS Score
9.8
EPSS Score
0.029
Published
2022-03-23
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-17
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-17
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.015
Published
2021-02-01
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-01
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-01
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-02-17