Zsoft Oop Cms Blog vulnerabilities
2 known vulnerabilities affecting zsoft/oop_cms_blog.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2018-25199P2CRITICALCVSS 9.8v1.02026-03-06
CVE-2018-25199 [CRITICAL] CWE-89 CVE-2018-25199: OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to exec
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information i
nvd
CVE-2018-25200P3HIGHCVSS 8.8v1.02026-03-06
CVE-2018-25200 [HIGH] CWE-352 CVE-2018-25200: OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated att
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized
nvd