155 matches found
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
Cross site scripting
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
Privilege escalation
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-25879 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...
74cms 代码问题漏洞
XUNYI TECHNOLOGY 74cms is a PHP and MySQL based online recruitment system from China Xunyi Technology Company. A security vulnerability exists in version 74cmsSE v3.13.0, which stems from the /apiadmin/upload/attach component that allows an attacker to upload arbitrary files, resulting in the...
PT-2022-26287 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.13.0 Description: An arbitrary file upload issue in the "/api/admin/upload/attach" API endpoint allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For 74cmsSE version 3.13.0, consider disabli...
CVE-2022-42154
CVE-2022-42154 involves an arbitrary file upload vulnerability in the 74cmsSE web app, specifically the "/apiadmin/upload/attach" endpoint. A crafted PHP file can be uploaded, enabling attackers to achieve arbitrary code execution on v3.13.0. The CVSS v3.1 score is 9.8 (CRITICAL) with network att...
CVE-2022-41472
CVE-2022-41472 affects 74cmsSE v3.12.0. The vulnerability is a Cross‑Site Scripting (XSS) in the API endpoint “/apiadmin/notice/add” where a crafted payload placed in the Title field can execute arbitrary web scripts/HTML in a user’s browser. The root cause is an input that is not properly saniti...
CVE-2022-42154
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-25878 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. Recommendations: For 74cmsSE version 3.12.0, at the...
CVE-2022-41471
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account...
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
CVE-2022-41471
CVE-2022-41471 affects 74cmsSE v3.12.0. An authenticated attacker with low privileges can arbitrarily change the rights and credentials of the Super Administrator account. CVSS v3.1: 6.5 (Network, Low complexity, Privileges Required: Low, No user interaction, Confidentiality: None, Integrity: Hig...
CVE-2022-42154
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-41471
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account...
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
74cmsSE SQL Injection Vulnerability
74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/resume/index keyword parameter. An attacker could use this vulnerability to execute...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61442)
74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/job/map keyword parameter. An attacker could use this vulnerability to execute illega...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61441)
74cmsSE is a free, open source professional recruiting system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/job/index keyword parameter. An attacker could use this vulnerability to execute...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61440)
74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from the lack of validation of external input SQL statements in the /freelance/resumelist keyword parameter. An attacker could use this vulnerability to execute...