VYPR

Cmswing

by Arterli

Source repositories

CVEs (4)

  • CVE-2020-20296CriFeb 1, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.

  • CVE-2020-20295CriFeb 1, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.

  • CVE-2020-20294CriFeb 1, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.

  • CVE-2019-7649HigFeb 17, 2019
    risk 0.49cvss 7.5epss 0.01

    global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.