CVE-2024-25187

Server Side Request Forgery SSRF vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

CVE-2024-25187

Server Side Request Forgery SSRF vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html...

CVE-2024-25187

Server Side Request Forgery SSRF vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html...

71cms 安全漏洞

71CMS is a smart party building system open source by xiaocheng-keji. A security vulnerability exists in 71cms v1.0.0, which stems from the presence of a Server Request Forgery SSRF vulnerability...

PT-2024-20803 · 71Cms · 71Cms

Name of the Vulnerable Software and Affected Versions: 71cms version 1.0.0 Description: The issue allows remote unauthenticated attackers to obtain sensitive information. This is achieved via the getweather.html endpoint, which is vulnerable to Server Side Request Forgery SSRF. SSRF is a type of...

CVE-2024-25187

Server Side Request Forgery SSRF vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html...

CVE-2024-25187

CVE-2024-25187 : A Server Side Request Forgery (SSRF) in 71cms v1.0.0 allows remote, unauthenticated attackers to disclose sensitive information via the getweather.html endpoint. Affected component is the getweather.html handling in 71cms v1.0.0; root cause details are not provided beyond the SSR...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

Cross site scripting

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

CVE-2024-25166

CVE-2024-25166 affects 71CMS v1.0.0. A Cross Site Scripting flaw allows a remote attacker to execute arbitrary code via the uploadfile action parameter in controller.php. The Red Hat/NVD/CVE reports and related vendors confirm the vulnerability; no official patch/version is provided in the suppli...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

PT-2024-20794 · 71Cms · 71Cms

Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability. Recommendations: For 71CMS version...