返回 CVE 浏览器

CVE-2020-23976

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0520%

EPSS Percentile3.01th

Published2020年8月27日

Last Modified2024年11月21日

Vulnerability Description

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.

Affected Platforms (CPE)

📦

Webexcels

Ecommerce Cms

= 2017

📦

Webexcels

Ecommerce Cms

= 2018

📦

Webexcels

Ecommerce Cms

= 2019

📦

Webexcels

Ecommerce Cms

= 2020

References & Advisories

🔗 https://cxsecurity.com/issue/WLB-2020030174

🔗 https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Injection-Cross-Site-Scripting.html

🔗 https://cxsecurity.com/issue/WLB-2020030174

🔗 https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Injection-Cross-Site-Scripting.html

相关漏洞威胁

CVE-2020-239789.8

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"

CVE-2006-50966.8

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce...

CVE-2020-239756.1

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...