Vulnerabilities for 'Cmswing'

2022-03-23
 
CVE-2021-43735

CWE-89
 

 
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.

 
 
CVE-2021-43736

CWE-88
 

 
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule.

 
2021-05-17
 
CVE-2020-24992

CWE-79
 

 
There is a cross-site scripting vulnerability in CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.

 
 
CVE-2020-24993

CWE-79
 

 
There is a cross-site scripting vulnerability in CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.

 
2021-02-01
 
CVE-2020-20296

CWE-89
 

 
An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.

 
 
CVE-2020-20295

CWE-89
 

 
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.

 
 
CVE-2020-20294

CWE-89
 

 
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.

 
2019-02-17
 
CVE-2019-7649

CWE-326
 

 
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.

 


Copyright 2024, cxsecurity.com

 
