Manas Bellani

#9480of 53,632
29.2Total CVSS
Vulnerabilities · 4
Medium
2
Critical
2
PT-2018-15453
4.8
2018-12-30
Ivan Cordoba · Ivan Cordoba Generic Content Management System · CVE-2018-20589
**Name of the Vulnerable Software and Affected Versions** Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 **Description** The issue concerns a Cross-Site Scripting (XSS) flaw. It is exploitable via the Administrator/add pictures.php `article ID`. **Recommendations** For Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28, update to a version released after 2018-04-28 to resolve the issue.
PT-2018-15454
4.8
2018-12-30
Ivan Cordoba · Ivan Cordoba Generic Content Management System · CVE-2018-20590
**Name of the Vulnerable Software and Affected Versions** Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 **Description** The issue allows for XSS via the Administrator/users.php `user ID`. **Recommendations** For Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28, avoid using the `user ID` in the Administrator/users.php endpoint until the issue is resolved.
PT-2018-15438
9.8
2018-12-28
Ivan Cordoba · Ivan Cordoba Generic Content Management System · CVE-2018-20568
**Name of the Vulnerable Software and Affected Versions** Ivan Cordoba Generic Content Management System (CMS) versions prior to 2018-04-28 **Description** The issue allows for SQL injection, which can be used for authentication bypass. This means an attacker could potentially gain unauthorized access to the system without proper credentials. **Recommendations** For versions prior to 2018-04-28, update to a version released after 2018-04-28 to resolve the issue.
PT-2018-15439
9.8
2018-12-28
Ivan Cordoba · Ivan Cordoba Generic Content Management System · CVE-2018-20569
**Name of the Vulnerable Software and Affected Versions** Ivan Cordoba Generic Content Management System (CMS) versions through 2018-04-28 **Description** The issue allows for SQL injection, which can be used for authentication bypass. This means an attacker could potentially gain unauthorized access to the system without proper credentials. **Recommendations** For Ivan Cordoba Generic Content Management System (CMS) versions through 2018-04-28, consider restricting access to the `user/index.php` file until a fix is available. As a temporary workaround, review and modify the SQL queries to prevent injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.