Vulnerabilities > Duxcms Project

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2020-36763 Cross-site Scripting vulnerability in Duxcms Project Duxcms 2.1
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
network
low complexity
duxcms-project CWE-79
5.4
2023-07-31 CVE-2020-21881 Cross-Site Request Forgery (CSRF) vulnerability in Duxcms Project Duxcms 2.1
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.
network
low complexity
duxcms-project CWE-352
6.5
2023-07-06 CVE-2020-21861 Unrestricted Upload of File with Dangerous Type vulnerability in Duxcms Project Duxcms 2.1
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.
network
low complexity
duxcms-project CWE-434
8.8
2023-07-06 CVE-2020-21862 Path Traversal vulnerability in Duxcms Project Duxcms 2.1
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.
network
low complexity
duxcms-project CWE-22
8.1
2022-12-08 CVE-2020-36609 Unspecified vulnerability in Duxcms Project Duxcms 2.1
A vulnerability was found in annyshow DuxCMS 2.1.
network
low complexity
duxcms-project
5.4
2022-12-08 CVE-2020-36610 Unspecified vulnerability in Duxcms Project Duxcms 2.1
A vulnerability was found in annyshow DuxCMS 2.1.
network
low complexity
duxcms-project
8.0
2022-02-16 CVE-2021-3242 SQL Injection vulnerability in Duxcms Project Duxcms 3.1.3
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
network
low complexity
duxcms-project CWE-89
critical
9.8