shuo sheng

9 exploits Active since Apr 2024
CVE-2024-31009 MEDIUM WRITEUP
Sem-cms Semcms - SQL Injection
SQL injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the lgid parameter in Banner.php.
CVSS 6.5
CVE-2024-31010 HIGH WRITEUP
Sem-cms Semcms - SQL Injection
SQL injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
CVSS 7.5
CVE-2024-31011 CRITICAL WRITEUP
Beescms - Code Injection
Arbitrary file write vulnerability in beescms v.4.0 allows a remote attacker to execute arbitrary code because the file path is not isolated and the suffix is not verified in admin_template.php.
CVSS 9.8
CVE-2024-31012 CRITICAL WRITEUP
Sem-cms Semcms - Unrestricted File Upload
An issue in SEMCMS v.4.8 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
CVSS 9.8
CVE-2024-31609 HIGH WRITEUP
Bosscms - XSS
Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.
CVSS 7.1
CVE-2024-31610 MEDIUM WRITEUP
Code-projects Simple School Managemen... - Unrestricted File Upload
File upload vulnerability in the employee avatar upload function of Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of a crafted file.
CVSS 6.3
CVE-2024-31611 CRITICAL WRITEUP
Seacms - Improper Resource Release
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVSS 9.1
CVE-2024-31612 MEDIUM WRITEUP
Emlog - CSRF
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php, which can be used with an XSS vulnerability to access administrator information.
CVSS 6.5
CVE-2024-32167 CRITICAL WRITEUP
Sourcecodester Online Medicine Ordering System 1.0 - Info Disclosure
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion: the picture-deletion function in the backend settings can be used to delete any file.
CVSS 9.1