Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Nc-cms Security Vulnerabilities

cve
cve

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload...

9.8CVSS

9.7AI Score

0.004EPSS

2022-10-03 04:22 PM
20
cve
cve

CVE-2019-7721

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata...

7.5CVSS

7.5AI Score

0.001EPSS

2022-10-03 04:19 PM
21
cve
cve

CVE-2018-18361

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG...

6.1CVSS

5.9AI Score

0.001EPSS

2018-10-15 03:29 PM
18
cve
cve

CVE-2018-18290

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported...

4.8CVSS

4.8AI Score

0.001EPSS

2018-10-14 09:29 PM
22