9 matches found
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin=admin=add URI...
CVE-2020-22210
SQL Injection in 74cms 3.2.0 via the x parameter to ajaxofficebuilding.php...
CVE-2018-20519
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal=ajaxsavebasic pid parameter...
CVE-2018-20454
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume=resumelist has XSS via the key parameter...
PT-2024-21039 · 74Cms · 74Cms
Name of the Vulnerable Software and Affected Versions: 74CMS version 3.28.0
Description: A critical issue has been found in the function sendCompanyLogo of the file /controller/company/Index.phpsendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads...
74CMS SQL Injection Vulnerability (CNVD-2021-43389)
74CMS is a talent recruitment system developed on top of the ThinkPHP framework. A SQL injection vulnerability exists in 74CMS version 3.2.0. An attacker can exploit this vulnerability to inject SQL statements via the x parameter of plus/ajaxstreet.php...
74CMS SQL Injection Vulnerability (CNVD-2021-43380)
74CMS is a recruitment system developed by Taiyuan Xunyi Technology Co., Ltd. based on the ThinkPHP framework. A SQL injection vulnerability exists in 74CMS version 3.2.0. An attacker can use this vulnerability to inject SQL statements via the query parameter of plus/ajaxcommon.php...
VulnCheck KEV: CVE-2020-29279
PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution...
CVE-2020-35339
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server...