qdPM version 9.1 suffers from a persistent cross site scripting vulnerability.
>> AUTHOR: deepcore
NukeViet VMS version 4.4.00 suffers from a cross site request forgery vulnerability.
Submitty version 20.04.01 suffers from a persistent cross site scripting vulnerability.
PHP-Fusion version 9.03.50 suffers from a remote SQL injection vulnerability.
Victor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability.
qdPM 9.1 – ‘cfg[app_app_name]’ Persistent Cross-Site Scripting
Victor CMS 1.0 – ‘cat_id’ SQL Injection
php-fusion 9.03.50 – ‘ctype’ SQL Injection
Submitty 20.04.01 – Persistent Cross-Site Scripting
NukeViet VMS 4.4.00 – Cross-Site Request Forgery (Change Admin Password)