Security team Iranian Exploit Database – IEDB – and team IrIsT has discovered multiple vulnerabilities in CMS software by NeginGroup and rasanehpardaz.
NeginGroup CMS has vulnerability of SQL injection and cross-site scripting – XSS.
Rasanehpardaz CMS has vulnerability of only cross-site scripting.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. Cross-site scripting is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.