Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-16	CVE-2020-35597	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. network low complexity victor-cms-project CWE-89	6.5
2022-04-28	CVE-2022-28060	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. network low complexity victor-cms-project CWE-89	5.0
2022-04-21	CVE-2022-27478	Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0 Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. network low complexity victor-cms-project CWE-434	6.5
2022-02-03	CVE-2022-23873	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. network low complexity victor-cms-project CWE-89	6.5
2022-01-31	CVE-2021-46459	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. network low complexity victor-cms-project CWE-89	5.0
2022-01-31	CVE-2021-46458	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. network low complexity victor-cms-project CWE-89	5.0
2020-10-27	CVE-2020-23945	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. network low complexity victor-cms-project CWE-89	5.0
2020-07-07	CVE-2020-15599	Cross-site Scripting vulnerability in Victor CMS Project Victor CMS 1.0/20180510/20190228 Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. network victor-cms-project CWE-79	4.3
2018-08-21	CVE-2018-15603	Cross-site Scripting vulnerability in Victor CMS Project Victor CMS 20180510 An issue was discovered in Victor CMS through 2018-05-10. network victor-cms-project CWE-79	4.3