High
CVSS: 8.8
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads…
High
CVSS: 8.6
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and…
Medium
CVSS: 5.1
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission fo…
High
CVSS: 8.7
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands b…