Lucene search
+L

155 matches found

OSV
OSV
added 2022/10/17 2:15 p.m.6 views

CVE-2022-41472

74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...

5.4CVSS5.9AI score0.00384EPSS
Exploits1References1
Prion
Prion
added 2022/10/17 2:15 p.m.26 views

Cross site scripting

74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...

4.9CVSS5.4AI score0.00384EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/17 2:15 p.m.20 views

Privilege escalation

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.5CVSS9.5AI score0.00916EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.5 views

PT-2022-25879 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...

5.4CVSS5.6AI score0.00384EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.5 views

74cms 代码问题漏洞

XUNYI TECHNOLOGY 74cms is a PHP and MySQL based online recruitment system from China Xunyi Technology Company. A security vulnerability exists in version 74cmsSE v3.13.0, which stems from the /apiadmin/upload/attach component that allows an attacker to upload arbitrary files, resulting in the...

9.8CVSS8.7AI score0.00916EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.7 views

PT-2022-26287 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.13.0 Description: An arbitrary file upload issue in the "/api/admin/upload/attach" API endpoint allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For 74cmsSE version 3.13.0, consider disabli...

9.8CVSS9.7AI score0.00916EPSS
Exploits1References3
CVE
CVE
added 2022/10/17 12:0 a.m.257 views

CVE-2022-42154

CVE-2022-42154 involves an arbitrary file upload vulnerability in the 74cmsSE web app, specifically the "/apiadmin/upload/attach" endpoint. A crafted PHP file can be uploaded, enabling attackers to achieve arbitrary code execution on v3.13.0. The CVSS v3.1 score is 9.8 (CRITICAL) with network att...

9.8CVSS9.5AI score0.00916EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/17 12:0 a.m.53 views

CVE-2022-41472

CVE-2022-41472 affects 74cmsSE v3.12.0. The vulnerability is a Cross‑Site Scripting (XSS) in the API endpoint “/apiadmin/notice/add” where a crafted payload placed in the Title field can execute arbitrary web scripts/HTML in a user’s browser. The root cause is an input that is not properly saniti...

5.4CVSS5.3AI score0.00384EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.31 views

CVE-2022-42154

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...

9.8AI score0.00916EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.6 views

PT-2022-25878 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. Recommendations: For 74cmsSE version 3.12.0, at the...

6.5CVSS6.3AI score0.0055EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.8 views

CVE-2022-41471

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account...

6.8AI score0.0055EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.8 views

CVE-2022-41472

74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...

6.1AI score0.00384EPSS
Exploits1References1
CVE
CVE
added 2022/10/17 12:0 a.m.61 views

CVE-2022-41471

CVE-2022-41471 affects 74cmsSE v3.12.0. An authenticated attacker with low privileges can arbitrarily change the rights and credentials of the Super Administrator account. CVSS v3.1: 6.5 (Network, Low complexity, Privileges Required: Low, No user interaction, Confidentiality: None, Integrity: Hig...

6.5CVSS6.4AI score0.0055EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.9 views

CVE-2022-42154

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.8AI score0.00916EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.30 views

CVE-2022-41471

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account...

6.6AI score0.0055EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.34 views

CVE-2022-41472

74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...

5.5AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.54 views

74cmsSE SQL Injection Vulnerability

74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/resume/index keyword parameter. An attacker could use this vulnerability to execute...

7.5CVSS2.7AI score0.00923EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.37 views

74cmsSE SQL Injection Vulnerability (CNVD-2022-61442)

74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/job/map keyword parameter. An attacker could use this vulnerability to execute illega...

7.5CVSS2.7AI score0.00923EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.44 views

74cmsSE SQL Injection Vulnerability (CNVD-2022-61441)

74cmsSE is a free, open source professional recruiting system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/job/index keyword parameter. An attacker could use this vulnerability to execute...

7.5CVSS2.8AI score0.00923EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.44 views

74cmsSE SQL Injection Vulnerability (CNVD-2022-61440)

74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from the lack of validation of external input SQL statements in the /freelance/resumelist keyword parameter. An attacker could use this vulnerability to execute...

7.5CVSS2.7AI score0.00923EPSS
Exploits1References1
Rows per page
Query Builder