victor_cms_project CVE Vulnerabilities & Metrics

Focus on victor_cms_project vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About victor_cms_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with victor_cms_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total victor_cms_project CVEs: 18
Earliest CVE date: 21 Aug 2018, 02:29 UTC
Latest CVE date: 03 Feb 2026, 22:16 UTC

Latest CVE reference: CVE-2020-37076

Rolling Stats

30-day Count (Rolling): 4
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical victor_cms_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.12

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	9
7.0-8.9	3
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS victor_cms_project CVEs

These are the five CVEs with the highest CVSS scores for victor_cms_project, sorted by severity first and recency.

CVE-2022-26201 victor_cms_project Published on 04 Mar 2022, 14:15 UTC (CVSS: 7.5)
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
CVE-2021-25203 victor_cms_project Published on 23 Jul 2021, 14:15 UTC (CVSS: 7.5)
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVE-2020-29280 victor_cms_project Published on 02 Dec 2020, 22:15 UTC (CVSS: 7.5)
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-35597 victor_cms_project Published on 16 Jun 2022, 19:15 UTC (CVSS: 6.5)
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
CVE-2022-27478 victor_cms_project Published on 21 Apr 2022, 20:15 UTC (CVSS: 6.5)
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.

All CVEs for victor_cms_project

CVE-2020-37076 victor_cms_project vulnerability CVSS: 0 03 Feb 2026, 22:16 UTC

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.

CVE-2020-37073 victor_cms_project vulnerability CVSS: 0 03 Feb 2026, 22:16 UTC

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.

CVE-2020-37072 victor_cms_project vulnerability CVSS: 0 03 Feb 2026, 22:16 UTC

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

CVE-2020-36942 victor_cms_project vulnerability CVSS: 0 27 Jan 2026, 16:16 UTC

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.

CVE-2020-23966 victor_cms_project vulnerability CVSS: 0 08 May 2023, 14:15 UTC

SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.

CVE-2020-35597 victor_cms_project vulnerability CVSS: 6.5 16 Jun 2022, 19:15 UTC

Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

CVE-2022-28060 victor_cms_project vulnerability CVSS: 5.0 28 Apr 2022, 20:15 UTC

SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.

CVE-2022-27478 victor_cms_project vulnerability CVSS: 6.5 21 Apr 2022, 20:15 UTC

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.

CVE-2022-26201 victor_cms_project vulnerability CVSS: 7.5 04 Mar 2022, 14:15 UTC

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.

CVE-2022-23873 victor_cms_project vulnerability CVSS: 6.5 03 Feb 2022, 03:15 UTC

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.

CVE-2021-46459 victor_cms_project vulnerability CVSS: 5.0 31 Jan 2022, 19:15 UTC

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters.

CVE-2021-46458 victor_cms_project vulnerability CVSS: 5.0 31 Jan 2022, 16:15 UTC

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.

CVE-2021-25203 victor_cms_project vulnerability CVSS: 7.5 23 Jul 2021, 14:15 UTC

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.

CVE-2020-29280 victor_cms_project vulnerability CVSS: 7.5 02 Dec 2020, 22:15 UTC

The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.

CVE-2020-23945 victor_cms_project vulnerability CVSS: 5.0 27 Oct 2020, 15:15 UTC

A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.

CVE-2020-15599 victor_cms_project vulnerability CVSS: 4.3 07 Jul 2020, 21:15 UTC

Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.

CVE-2018-16775 victor_cms_project vulnerability CVSS: 3.5 10 Sep 2018, 04:29 UTC

An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.

CVE-2018-15603 victor_cms_project vulnerability CVSS: 4.3 21 Aug 2018, 02:29 UTC

An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.