CVE-2020-35597

HIGH

Victor CMS - SQL Injection

Title source: rule

Description

Victor CMS 1.0 is vulnerable to SQL injection via the c_id parameter of admin_edit_comment.php, the p_id parameter of admin_edit_post.php, the u_id parameter of admin_edit_user.php, and the edit parameter of admin_update_categories.php.

Exploits (1)

exploitdb WORKING POC
by Furkan Göksel · text · webapps · php
https://www.exploit-db.com/exploits/49282

Scores

CVSS v3 8.8
EPSS 0.0095
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
victor_cms_project/victor_cms 1.0
Published Jun 16, 2022
Tracked Since Feb 18, 2026