354 matches found
SQL Injection Vulnerability in Cscms
Cscms is a diversified content management system, the use of PHP5 MYSQL as the technical basis for development, the use of OOP object-oriented approach to the basic operation of the framework to build. Cscms has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive...
SQL Injection Vulnerability in CSCMS Frontend
cscms is a diversified content management system, using PHP5 MYSQL as the technical basis for development, using OOP object-oriented approach to the basic operation of the framework to build. CSCMS front-end SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive...
Command Execution Vulnerability in Cscms Backend
cscms is a diversified content management system, using PHP5 MYSQL as the technical basis for development, using OOP object-oriented approach to the basic operation of the framework to build. Cscms backend command execution vulnerability, attackers can use the vulnerability to obtain control of t...
Command Execution Vulnerability in Cscms
Cheng's CMS-cscms is a diversified content management system, using PHP5+MYSQL as the technical basis for development, using the OOP object-oriented approach to build the basic operational framework. Cscms has a command execution vulnerability that can be exploited by attackers to gain control of...
Arbitrary File Deletion Vulnerability in Cscms of Guilin Chongsheng Network Technology Company Limited (CNVD-2020-47298)
Cscms is a multi-functional network information management system developed by Chongsheng Network Technology. Cscms has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete arbitrary files from the server...
Command Execution Vulnerability in Cscms File of Guilin Chongsheng Network Technology Co.
Cscms is a multi-functional network information management system developed by Chongsheng Network Technology. Cscms file has a command execution vulnerability that can be exploited by an attacker to gain control of the web server...
File Upload, Arbitrary File Deletion Vulnerability in CSCMS
CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology. CSCMS file file upload, arbitrary file deletion vulnerability, an attacker can use this vulnerability to obtain server privileges, delete arbitrary files...
Arbitrary File Read Vulnerability in ctcms
Chong Sheng Network Technology has developed Cscms Portal Content Management System, Ctcms Network Video Education Management System, Aggregate Payment, and a Multi-Merchant Entry Card Issuing Platform Management System. ctcms has an arbitrary file read vulnerability, an attacker can exploit the...
xml entity injection vulnerability in ctcms version 2.0.2
Chongsheng Network Technology is an emerging network technology limited company. It has developed Cscms portal content management system, Ctcms network video education management system, polymerization payment, and a multi-merchant card issuance platform management system. ctcms2.0.2 version of t...
SQL Injection Vulnerability in CSCMS Pl***.php File
CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology. SQL injection vulnerability exists in the CSCMS Pl.php file, which can be exploited by attackers to obtain sensitive information...
Cscms Cross-Site Scripting Vulnerability (CNVD-2019-07948)
CScms is a content management system CMS developed on a CI framework. A cross-site scripting vulnerability exists in the admin.php/pay page in Cscms version 4.1.0. A remote attacker can exploit the vulnerability to change the paypal account...
CVE-2019-9598
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...
CVE-2019-9598
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...
Cross site request forgery (csrf)
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...
CVE-2019-9598
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...
CVE-2019-9598
The CVE-2019-9598 entry describes a CSRF vulnerability in Cscms 4.1.0, specifically in the admin.php/pay flow, that allows an attacker to change the payment account and redirect funds. Documents confirm affected software (Cscms 4.1.0) and the vulnerability class (CSRF) with the underlying impact ...
CVE-2019-6779
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...
CVE-2019-6779
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...
Cross site request forgery (csrf)
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...
CVE-2019-6779
CVE-2019-6779 affects CSCMS 4.1.8. The vulnerability is a CSRF flaw on the admin.php/links/save endpoint, enabling an attacker to add, modify, or delete friend links without providing proper authorization. Root cause stated is lack of CSRF protection on that admin action; exploitation details are...