Lucene search

74Cms Security Vulnerabilities

cve

CVE-2018-20454

An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-20519

An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.

8.1CVSS

7.6AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2019-10684

Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter.

9.8CVSS

9.7AI Score

0.04EPSS

2019-04-01 04:29 PM

cve

CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

8.8CVSS

8.6AI Score

0.006EPSS

2019-04-20 03:29 PM

cve

CVE-2019-17612

An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.

7.2CVSS

7.4AI Score

0.001EPSS

2019-10-15 11:15 PM

cve

CVE-2020-22208

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.

9.8CVSS

9.8AI Score

0.177EPSS

2021-06-16 06:15 PM

cve

CVE-2020-22209

SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.

9.8CVSS

9.8AI Score

0.177EPSS

2021-06-16 06:15 PM

cve

CVE-2020-22210

SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.

9.8CVSS

9.8AI Score

0.177EPSS

2021-06-16 06:15 PM

cve

CVE-2020-22211

SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.

9.8CVSS

9.8AI Score

0.177EPSS

2021-06-16 06:15 PM

cve

CVE-2020-22212

SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.

9.8CVSS

9.7AI Score

0.002EPSS

2021-06-16 06:15 PM

cve

CVE-2020-22421

74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key.

6.1CVSS

6AI Score

0.001EPSS

2021-12-08 04:15 AM

cve

CVE-2020-29279

PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.

9.8CVSS

9.7AI Score

0.019EPSS

2020-12-02 10:15 PM

cve

CVE-2020-35339

In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.

9.8CVSS

9.7AI Score

0.018EPSS

2021-02-17 03:15 PM

cve

CVE-2022-26271

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.

7.5CVSS

7.5AI Score

0.002EPSS

2022-03-28 01:15 AM

cve

CVE-2024-2561

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-03-17 11:15 AM