Vulnerabilities > Victor CMS Project

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2020-23966 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.
network
low complexity
victor-cms-project CWE-89
critical
9.8
2022-06-16 CVE-2020-35597 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
network
low complexity
victor-cms-project CWE-89
8.8
2022-04-28 CVE-2022-28060 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.
network
low complexity
victor-cms-project CWE-89
7.5
2022-04-21 CVE-2022-27478 Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.
network
low complexity
victor-cms-project CWE-434
8.8
2022-03-04 CVE-2022-26201 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
network
low complexity
victor-cms-project CWE-89
critical
9.8
2022-02-03 CVE-2022-23873 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
network
low complexity
victor-cms-project CWE-89
8.8
2022-01-31 CVE-2021-46459 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user.
network
low complexity
victor-cms-project CWE-89
7.5
2022-01-31 CVE-2021-46458 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post.
network
low complexity
victor-cms-project CWE-89
7.5
2021-07-23 CVE-2021-25203 Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
network
low complexity
victor-cms-project CWE-434
critical
9.8
2020-12-02 CVE-2020-29280 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
network
low complexity
victor-cms-project CWE-89
critical
9.8