Vulnerabilities > Ocproducts

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2021-46360 Unrestricted Upload of File with Dangerous Type vulnerability in Ocproducts Composr
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.
network
low complexity
ocproducts CWE-434
8.8
2021-04-06 CVE-2021-30150 Cross-site Scripting vulnerability in Ocproducts Composr 10.0.36
Composr 10.0.36 allows XSS in an XML script.
network
ocproducts CWE-79
4.3
2021-04-06 CVE-2021-30149 Unrestricted Upload of File with Dangerous Type vulnerability in Ocproducts Composr 10.0.36
Composr 10.0.36 allows upload and execution of PHP files.
network
low complexity
ocproducts CWE-434
7.5
2020-05-22 CVE-2020-8789 Cross-site Scripting vulnerability in Ocproducts Composr 10.0.30
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.
network
ocproducts CWE-79
3.5