Every CVE whose affected-product data names Duxcms Project Duxcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-3242 — CVSS 9.8 (critical): DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
CVE-2020-21861 — CVSS 8.8 (high): File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.
CVE-2020-21862 — CVSS 8.1 (high): Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.
CVE-2020-21881 — CVSS 6.5 (medium): Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via…
CVE-2020-36763 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom…
CVE-2020-36610 — CVSS 4.3 (medium): A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The…
CVE-2020-36609 — CVSS 2.4 (low): A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file…