Cmswing
by Arterli
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20296 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | ||
| CVE-2020-20295 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | ||
| CVE-2020-20294 | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2021 | An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | ||
| CVE-2019-7649 | Hig | 0.49 | 7.5 | 0.01 | Feb 17, 2019 | global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. |
- risk 0.64cvss 9.8epss 0.01
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
- risk 0.64cvss 9.8epss 0.01
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
- risk 0.64cvss 9.8epss 0.02
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
- risk 0.49cvss 7.5epss 0.01
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.