| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. |
| Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add. |
| An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. |
| Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. |
| A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability. |
| An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. |
| An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. |
| SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. |
| Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. |
| A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php. |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php. |
