Jayus0821

#7439of 53,632
36.9Total CVSS
Vulnerabilities · 4
High
1
Critical
3
PT-2021-17117
9.8
2021-11-01
Unknown · Millken Doyocms · CVE-2021-26739
**Name of the Vulnerable Software and Affected Versions** millken doyocms version 2.3 **Description** The issue allows attackers to execute arbitrary code via the `attribute` parameter in the pay.php file. This is a SQL Injection vulnerability, which means an attacker can inject malicious SQL code to manipulate the database. **Recommendations** For millken doyocms version 2.3, consider restricting access to the pay.php file until a patch is available. As a temporary workaround, avoid using the `attribute` parameter in the pay.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-17118
9.8
2021-11-01
Unknown · Millken Doyocms · CVE-2021-26740
**Name of the Vulnerable Software and Affected Versions** millken doyocms version 2.3 **Description** The issue allows attackers to execute arbitrary code due to an arbitrary file upload vulnerability in the sysupload.php file. **Recommendations** For millken doyocms version 2.3, consider disabling the sysupload.php file until a patch is available to prevent arbitrary file uploads and subsequent code execution.
PT-2021-11911
7.5
2021-01-05
Minicms · Minicms · CVE-2020-36051
Name of the Vulnerable Software and Affected Versions: MiniCMS version V1.10 Description: The issue allows remote attackers to read arbitrary files via the `state` parameter in the page edit.php file. This enables access to sensitive information. Recommendations: For MiniCMS version V1.10, consider restricting access to the page edit.php file until a fix is available. As a temporary workaround, avoid using the `state` parameter in the affected page edit.php file to minimize the risk of exploitation.
PT-2021-11912
9.8
2021-01-05
Minicms · Minicms · CVE-2020-36052
Name of the Vulnerable Software and Affected Versions: MiniCMS version V1.10 Description: The issue allows remote attackers to include and execute arbitrary files via the `state` parameter in the post-edit.php file. This enables attackers to potentially access and execute sensitive files on the server. Recommendations: For MiniCMS version V1.10, consider restricting access to the post-edit.php file until a patch is available. As a temporary workaround, avoid using the `state` parameter in the affected file to minimize the risk of exploitation.