Vulnerabilities > Ed01 CMS Project

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2022-28524 SQL Injection vulnerability in Ed01-Cms Project Ed01-Cms 20180505
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.
network
low complexity
ed01-cms-project CWE-89
7.5
2022-04-26 CVE-2022-28525 Unrestricted Upload of File with Dangerous Type vulnerability in Ed01-Cms Project Ed01-Cms 20180505
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1.
network
low complexity
ed01-cms-project CWE-434
6.5
2021-11-03 CVE-2020-18259 Cross-site Scripting vulnerability in Ed01-Cms Project Ed01-Cms 1.0
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php.
4.3
2021-11-03 CVE-2020-18261 Unrestricted Upload of File with Dangerous Type vulnerability in Ed01-Cms Project Ed01-Cms 1.0
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.
network
low complexity
ed01-cms-project CWE-434
7.5
2021-11-03 CVE-2020-18262 SQL Injection vulnerability in Ed01-Cms Project Ed01-Cms 1.0
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
network
low complexity
ed01-cms-project CWE-89
7.5