#windows

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.

Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.