Ed01-Cms Project: Security Vulnerabilities
Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-04-25
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-26
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-26
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-11-03
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-11-03
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2021-11-03