Num-Nine

#9294de 53,622
29.4CVSS total
Vulnerabilidades · 4
Média
2
Alta
1
Crítica
1
PT-2023-29811
5.4
2023-10-31
Unknown · Getsimple Cms · CVE-2023-46040
**Name of the Vulnerable Software and Affected Versions** GetSimpleCMS version 3.4.0a **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code by sending a crafted payload to the `components.php` function. **Recommendations** For GetSimpleCMS version 3.4.0a, consider disabling the `components.php` function until a patch is available to prevent exploitation.
PT-2023-29987
5.4
2023-10-31
Minicms · Minicms · CVE-2023-46378
**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.1.1 **Description** The issue allows attackers to run arbitrary code via a crafted string appended to the "/mc-admin/conf.php" API endpoint. This is a Stored Cross Site Scripting (XSS) issue, which means that an attacker can inject malicious code into the application, and this code will be executed by the application, potentially allowing the attacker to access sensitive data or take control of the application. **Recommendations** For MiniCMS version 1.1.1, as a temporary workaround, consider restricting access to the "/mc-admin/conf.php" endpoint until a patch is available. Additionally, avoid using crafted strings that could be used to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-29812
9.8
2023-10-19
Unknown · Getsimple Cms · CVE-2023-46042
**Name of the Vulnerable Software and Affected Versions** GetSimpleCMS version 3.4.0a **Description** An issue in GetSimpleCMS allows a remote attacker to execute arbitrary code via a crafted payload to the `phpinfo()` function. **Recommendations** For GetSimpleCMS version 3.4.0a, update to a version that fixes this issue, as the current version allows remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-28318
8.8
2023-09-20
Elitecms · Elitecms · CVE-2023-42331
**Name of the Vulnerable Software and Affected Versions** EliteCMS version 1.01 **Description** A file upload vulnerability allows a remote attacker to execute arbitrary code via the manage uploads.php component. **Recommendations** For EliteCMS version 1.01, consider disabling the file upload functionality in the manage uploads.php component until a patch is available. Restrict access to the manage uploads.php component to minimize the risk of exploitation.