VYPR

DuxCMS

by DuxCMS

CVEs (6)

  • CVE-2021-3242CriFeb 16, 2022
    risk 0.64cvss 9.8epss 0.01

    DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.

  • CVE-2020-21861HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.01

    File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.

  • CVE-2020-21862HigJul 6, 2023
    risk 0.53cvss 8.1epss 0.01

    Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.

  • CVE-2020-21881MedJul 31, 2023
    risk 0.42cvss 6.5epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.

  • CVE-2024-37791MedJun 18, 2024
    risk 0.39cvss 6.0epss 0.01

    DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id.

  • CVE-2020-36763MedJul 31, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.