3 matches found
CVE-2020-18166
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc"...
CVE-2018-19222
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysqlhy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists...
CVE-2018-19226
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI...