Vulnerabilities > Victor CMS Project > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2020-23966 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.
network
low complexity
victor-cms-project CWE-89
critical
 9.8
9.8
2022-03-04 CVE-2022-26201 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
network
low complexity
victor-cms-project CWE-89
critical
 9.8
9.8
2021-07-23 CVE-2021-25203 Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
network
low complexity
victor-cms-project CWE-434
critical
 9.8
9.8
2020-12-02 CVE-2020-29280 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
network
low complexity
victor-cms-project CWE-89
critical
 9.8
9.8