Every CVE whose affected-product data names 8cms Ljcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-20735 — CVSS 9.8 (critical): File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
CVE-2020-20979 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
CVE-2020-21237 — CVSS 9.8 (critical): An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
CVE-2020-20583 — CVSS 7.5 (high): A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.