Vendor
Woider
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28063 | Cri | 0.64 | 9.8 | 0.01 | May 13, 2021 | A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. | ||
| CVE-2020-20092 | Cri | 0.64 | 9.8 | 0.01 | May 13, 2021 | File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code. | ||
| CVE-2018-19469 | Med | 0.40 | 6.1 | 0.01 | Nov 23, 2018 | ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | ||
| CVE-2018-12339 | Med | 0.35 | 5.4 | 0.00 | Jun 13, 2018 | ArticleCMS through 2017-02-19 has XSS via an "add an article" action. |
- risk 0.64cvss 9.8epss 0.01
A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.
- risk 0.64cvss 9.8epss 0.01
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
- risk 0.40cvss 6.1epss 0.01
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
- risk 0.35cvss 5.4epss 0.00
ArticleCMS through 2017-02-19 has XSS via an "add an article" action.