Skip to main content

Generic Content Management System

4 CVEs product

Monthly

CVE-2018-20590 MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-20589 MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20569 CRITICAL Act Now

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass PHP Generic Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20568 CRITICAL PATCH Act Now

Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Authentication Bypass PHP Generic Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass PHP +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Authentication Bypass PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy