| Vendor Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|
| 2 | 8 | 0 | 20.4% | CRITICAL |

| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2024-50650 | python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. | HIGH | 7.5 | — | 41.5% | Nov 15, 2024 |
| CVE-2024-50649 | The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. | CRITICAL | 9.8 | — | 57.1% | Nov 15, 2024 |
| CVE-2024-50966 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin. | CRITICAL | 9.3 | — | 16.6% | Nov 8, 2024 |
| CVE-2024-48291 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17 | MEDIUM | 6.3 | — | 6.7% | Oct 28, 2024 |
| CVE-2024-48191 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 | MEDIUM | 6.3 | — | 7.1% | Oct 28, 2024 |
| CVE-2024-48758 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | MEDIUM | 6.1 | — | 16.9% | Oct 16, 2024 |
| CVE-2024-46600 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31 | MEDIUM | 4.7 | — | 10.4% | Sep 25, 2024 |
| CVE-2024-46485 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate | MEDIUM | 6.3 | — | 6.7% | Sep 25, 2024 |