The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2020-18155 | SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. | HIGH | Jul 15, 2021 |
CVE-2020-18157 | Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | MEDIUM | Jul 30, 2021 |
CVE-2020-18158 | Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. | LOW | Jul 30, 2021 |
CVE-2020-18164 | SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. | HIGH | Aug 18, 2021 |
CVE-2020-18165 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the Website SEO Keywords field on the page admin/info.php?shuyu. | LOW | May 12, 2021 |
CVE-2020-18166 | Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a .jpg.php extension to the component admin/wenjian.php?wj=../templets/pc. | HIGH | May 14, 2021 |
CVE-2020-18167 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the Homepage Introduction field of component admin/info.php?shuyu. | LOW | May 14, 2021 |
CVE-2020-18169 | A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | MEDIUM | Jul 27, 2021 |
CVE-2020-18170 | An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. | HIGH | Jul 27, 2021 |
CVE-2020-18171 | TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details. | HIGH | Jul 27, 2021 |
CVE-2020-18172 | A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | HIGH | Jul 27, 2021 |
CVE-2020-18173 | A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | MEDIUM | Jul 27, 2021 |
CVE-2020-18174 | A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. | HIGH | Jul 27, 2021 |
CVE-2020-18175 | SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. | HIGH | Jul 30, 2021 |
CVE-2020-18178 | Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component /hcms/admin/index.php/language/ajax. | HIGH | May 18, 2021 |
CVE-2020-18184 | In PluXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | MEDIUM | Oct 2, 2020 |
CVE-2020-18185 | class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment. | HIGH | Oct 8, 2020 |
CVE-2020-18190 | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | MEDIUM | Oct 9, 2020 |
CVE-2020-18191 | GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | MEDIUM | Oct 5, 2020 |
CVE-2020-18194 | Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | MEDIUM | May 18, 2021 |
CVE-2020-18195 | Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component /admin.php?action=page. | MEDIUM | May 18, 2021 |
CVE-2020-18198 | Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component /admin.php?action=images. | MEDIUM | May 18, 2021 |
CVE-2020-18215 | Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | MEDIUM | Feb 12, 2021 |
CVE-2020-18220 | Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, which causes encrypted user passwords to be susceptible to dictionary attacks. | MEDIUM | May 20, 2021 |
CVE-2020-18221 | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | MEDIUM | May 28, 2021 |
CVE-2020-18229 | Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter $cfg_copyright of component /admin/web_config.php. | LOW | May 28, 2021 |
CVE-2020-18230 | Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter $cfg_switchshow of component /admin/web_config.php. | LOW | May 28, 2021 |
CVE-2020-18232 | Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | -- | Aug 22, 2023 |
CVE-2020-18259 | ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. | MEDIUM | Nov 5, 2021 |
CVE-2020-18261 | An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | HIGH | Nov 5, 2021 |
CVE-2020-18262 | ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | HIGH | Nov 5, 2021 |
CVE-2020-18263 | PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. | MEDIUM | Nov 5, 2021 |
CVE-2020-18264 | Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component Simple-Log/admin/admin.php?act=act_edit_member. | MEDIUM | Jun 9, 2021 |
CVE-2020-18265 | Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component Simple-Log/admin/admin.php?act=act_add_member. | MEDIUM | Jun 9, 2021 |
CVE-2020-18268 | Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the redirect parameter in the component zb_system/cmd.php. | MEDIUM | Jun 7, 2021 |
CVE-2020-18280 | Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. | -- | May 9, 2023 |
CVE-2020-18282 | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | -- | May 11, 2023 |
CVE-2020-18324 | Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | MEDIUM | Mar 4, 2022 |
CVE-2020-18325 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel. | MEDIUM | Mar 4, 2022 |
CVE-2020-18326 | Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | MEDIUM | Mar 4, 2022 |
CVE-2020-18327 | Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | MEDIUM | Mar 4, 2022 |
CVE-2020-18329 | An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, which allows attackers to gain full unauthenticated access to the configuration and service interface. | -- | Jan 27, 2023 |
CVE-2020-18330 | An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), which allows attackers to gain access to the configuration interface. | -- | Jan 27, 2023 |
CVE-2020-18331 | Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc. | -- | Jan 27, 2023 |
CVE-2020-18336 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | -- | Oct 10, 2023 |
CVE-2020-18378 | A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | -- | Aug 22, 2023 |
CVE-2020-18382 | Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | -- | Aug 22, 2023 |
CVE-2020-18392 | Stack overflow vulnerability in parse_array in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | MEDIUM | May 28, 2021 |
CVE-2020-18395 | A NULL pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DoS) via segmentation faults caused by crafted inputs. | MEDIUM | May 28, 2021 |
CVE-2020-18404 | An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. | -- | Jun 27, 2023 |