Lucene search
+L

354 matches found

cnvd
cnvd
added 2021/05/27 12:0 a.m.4 views

SQL Injection Vulnerability in Cscms

Cscms is a diversified content management system, the use of PHP5 MYSQL as the technical basis for development, the use of OOP object-oriented approach to the basic operation of the framework to build. Cscms has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive...

7.8AI score
Exploits0
cnvd
cnvd
added 2021/04/09 12:0 a.m.3 views

SQL Injection Vulnerability in CSCMS Frontend

cscms is a diversified content management system, using PHP5 MYSQL as the technical basis for development, using OOP object-oriented approach to the basic operation of the framework to build. CSCMS front-end SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive...

7.9AI score
Exploits0
cnvd
cnvd
added 2021/04/09 12:0 a.m.5 views

Command Execution Vulnerability in Cscms Backend

cscms is a diversified content management system, using PHP5 MYSQL as the technical basis for development, using OOP object-oriented approach to the basic operation of the framework to build. Cscms backend command execution vulnerability, attackers can use the vulnerability to obtain control of t...

7.3AI score
Exploits0
cnvd
cnvd
added 2020/12/29 12:0 a.m.3 views

Command Execution Vulnerability in Cscms

Cheng's CMS-cscms is a diversified content management system, using PHP5+MYSQL as the technical basis for development, using the OOP object-oriented approach to build the basic operational framework. Cscms has a command execution vulnerability that can be exploited by attackers to gain control of...

7.6AI score
Exploits0
cnvd
cnvd
added 2020/07/12 12:0 a.m.1 views

Arbitrary File Deletion Vulnerability in Cscms of Guilin Chongsheng Network Technology Company Limited (CNVD-2020-47298)

Cscms is a multi-functional network information management system developed by Chongsheng Network Technology. Cscms has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete arbitrary files from the server...

6.8AI score
Exploits0
cnvd
cnvd
added 2020/07/12 12:0 a.m.1 views

Command Execution Vulnerability in Cscms File of Guilin Chongsheng Network Technology Co.

Cscms is a multi-functional network information management system developed by Chongsheng Network Technology. Cscms file has a command execution vulnerability that can be exploited by an attacker to gain control of the web server...

7.2AI score
Exploits0
cnvd
cnvd
added 2019/09/09 12:0 a.m.1 views

File Upload, Arbitrary File Deletion Vulnerability in CSCMS

CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology. CSCMS file file upload, arbitrary file deletion vulnerability, an attacker can use this vulnerability to obtain server privileges, delete arbitrary files...

6.8AI score
Exploits0
cnvd
cnvd
added 2019/07/14 12:0 a.m.2 views

Arbitrary File Read Vulnerability in ctcms

Chong Sheng Network Technology has developed Cscms Portal Content Management System, Ctcms Network Video Education Management System, Aggregate Payment, and a Multi-Merchant Entry Card Issuing Platform Management System. ctcms has an arbitrary file read vulnerability, an attacker can exploit the...

6.9AI score
Exploits0
cnvd
cnvd
added 2019/07/04 12:0 a.m.2 views

xml entity injection vulnerability in ctcms version 2.0.2

Chongsheng Network Technology is an emerging network technology limited company. It has developed Cscms portal content management system, Ctcms network video education management system, polymerization payment, and a multi-merchant card issuance platform management system. ctcms2.0.2 version of t...

7.2AI score
Exploits0
cnvd
cnvd
added 2019/06/15 12:0 a.m.1 views

SQL Injection Vulnerability in CSCMS Pl***.php File

CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology. SQL injection vulnerability exists in the CSCMS Pl.php file, which can be exploited by attackers to obtain sensitive information...

7.7AI score
Exploits0
cnvd
cnvd
added 2019/03/08 12:0 a.m.3 views

Cscms Cross-Site Scripting Vulnerability (CNVD-2019-07948)

CScms is a content management system CMS developed on a CI framework. A cross-site scripting vulnerability exists in the admin.php/pay page in Cscms version 4.1.0. A remote attacker can exploit the vulnerability to change the paypal account...

6.5CVSS6.3AI score0.00506EPSS
Exploits1References1
nvd
nvd
added 2019/03/07 11:29 p.m.13 views

CVE-2019-9598

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...

6.5CVSS6.5AI score0.00506EPSS
Exploits1References1
osv
osv
added 2019/03/07 11:29 p.m.5 views

CVE-2019-9598

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...

6.5CVSS5.8AI score0.00506EPSS
Exploits1References1
prion
prion
added 2019/03/07 11:29 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...

4.3CVSS6.4AI score0.00506EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2019/03/07 10:0 p.m.21 views

CVE-2019-9598

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...

6.5AI score0.00506EPSS
Exploits1References1
cve
cve
added 2019/03/07 10:0 p.m.42 views

CVE-2019-9598

The CVE-2019-9598 entry describes a CSRF vulnerability in Cscms 4.1.0, specifically in the admin.php/pay flow, that allows an attacker to change the payment account and redirect funds. Documents confirm affected software (Cscms 4.1.0) and the vulnerability class (CSRF) with the underlying impact ...

6.5CVSS6.4AI score0.00506EPSS
Exploits1References1Affected Software1
osv
osv
added 2019/01/24 7:29 p.m.6 views

CVE-2019-6779

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...

8.1CVSS7.3AI score
Exploits0References1
nvd
nvd
added 2019/01/24 7:29 p.m.15 views

CVE-2019-6779

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...

8.1CVSS8.1AI score0.00453EPSS
Exploits1References1
prion
prion
added 2019/01/24 7:29 p.m.13 views

Cross site request forgery (csrf)

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...

5.8CVSS8AI score0.00453EPSS
Exploits1References1Affected Software1
cve
cve
added 2019/01/24 7:0 p.m.43 views

CVE-2019-6779

CVE-2019-6779 affects CSCMS 4.1.8. The vulnerability is a CSRF flaw on the admin.php/links/save endpoint, enabling an attacker to add, modify, or delete friend links without providing proper authorization. Root cause stated is lack of CSRF protection on that admin action; exploitation details are...

8.1CVSS8AI score0.00453EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder