VYPR

ESPCMS-P8

by EARCLINK

CVEs (4)

  • CVE-2020-18913HigAug 24, 2021
    risk 0.49cvss 7.5epss 0.01

    EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.

  • CVE-2019-5488HigJan 7, 2019
    risk 0.49cvss 7.5epss 0.01

    EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.

  • CVE-2020-20125MedSep 28, 2021
    risk 0.40cvss 6.1epss 0.01

    EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php.

  • CVE-2023-0246LowJan 12, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been…