Vulnerabilities > Cmswing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-43735 | SQL Injection vulnerability in Cmswing 1.3.7 CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | 9.8 |
| 2022-03-23 | CVE-2021-43736 | Argument Injection or Modification vulnerability in Cmswing 1.3.7 CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | 9.8 |
| 2021-05-17 | CVE-2020-24992 | Cross-site Scripting vulnerability in Cmswing 1.3.7 There is a cross site scripting vulnerability on CmsWing 1.3.7. | 5.4 |
| 2021-05-17 | CVE-2020-24993 | Cross-site Scripting vulnerability in Cmswing 1.3.7 There is a cross site scripting vulnerability on CmsWing 1.3.7. | 5.4 |
| 2021-02-01 | CVE-2020-20296 | SQL Injection vulnerability in Cmswing 1.3.8 An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | 9.8 |
| 2021-02-01 | CVE-2020-20295 | SQL Injection vulnerability in Cmswing 1.3.8 An issue was found in CMSWing project version 1.3.8. | 9.8 |
| 2021-02-01 | CVE-2020-20294 | SQL Injection vulnerability in Cmswing 1.3.8 An issue was found in CMSWing project version 1.3.8. | 9.8 |
| 2019-02-17 | CVE-2019-7649 | Use of Password Hash With Insufficient Computational Effort vulnerability in Cmswing 1.3.7 global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. | 7.5 |