Search Results (362531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-19151 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
CVE-2020-19150 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.1 High
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
CVE-2020-19148 1 Jflyfox 1 Jfinal Cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
CVE-2020-19147 1 Jflyfox 1 Jfinal Cms 2024-11-21 6.5 Medium
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.
CVE-2020-19146 1 Jflyfox 1 Jfinal Cms 2024-11-21 6.5 Medium
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
CVE-2020-19144 3 Debian, Netapp, Simplesystems 3 Debian Linux, Ontap Select Deploy Administration Utility, Libtiff 2024-11-21 6.5 Medium
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.
CVE-2020-19143 2 Debian, Simplesystems 2 Debian Linux, Libtiff 2024-11-21 6.5 Medium
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.
CVE-2020-19142 1 Idreamsoft 1 Icms 2024-11-21 9.8 Critical
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
CVE-2020-19138 1 Dotcms 1 Dotcms 2024-11-21 9.8 Critical
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
CVE-2020-19137 1 Autumn Project 1 Autumn 2024-11-21 7.5 High
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
CVE-2020-19131 3 Debian, Redhat, Simplesystems 3 Debian Linux, Enterprise Linux, Libtiff 2024-11-21 7.5 High
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
CVE-2020-19118 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
CVE-2020-19114 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19113 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
CVE-2020-19112 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19111 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
CVE-2020-19110 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
CVE-2020-19109 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19108 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19107 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.