Victor CMS

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-08	CVE-2020-23966	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. network low complexity victor-cms-project CWE-89 critical	9.8
2022-06-16	CVE-2020-35597	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. network low complexity victor-cms-project CWE-89	6.5
2022-04-28	CVE-2022-28060	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. network low complexity victor-cms-project CWE-89	5.0
2022-04-21	CVE-2022-27478	Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0 Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. network low complexity victor-cms-project CWE-434	6.5
2022-03-04	CVE-2022-26201	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. network low complexity victor-cms-project CWE-89	7.5
2022-02-03	CVE-2022-23873	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. network low complexity victor-cms-project CWE-89	6.5
2022-01-31	CVE-2021-46459	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. network low complexity victor-cms-project CWE-89	5.0
2022-01-31	CVE-2021-46458	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. network low complexity victor-cms-project CWE-89	5.0
2021-07-23	CVE-2021-25203	Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0 Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. network low complexity victor-cms-project CWE-434	7.5
2020-12-02	CVE-2020-29280	SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. network low complexity victor-cms-project CWE-89	7.5