Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
AnalysisAI
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. Affected products include: Victor Cms Project Victor Cms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Victor Cms
View allArbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload t
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. Rated
Victor Cms versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Victor Cms versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?se
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Rated high severity
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. Rated high sev
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows a
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. Rated medium severi
An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 4.8), this vulnerability is remote
An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 6.1), this vulnerability is remote
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today