Timgreen: Security Vulnerabilities
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
CVSS Score
9.8
EPSS Score
0.015
Published
2024-11-15
python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-15
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.
CVSS Score
9.3
EPSS Score
0.001
Published
2024-11-08
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-10-28
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-10-28
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php, which allows a remote attacker to execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-10-16
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-09-25
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31.
CVSS Score
4.7
EPSS Score
0.0
Published
2024-09-25

