272 matches found
CVE-2026-7578
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote...
CVE-2026-7578
MacCMS Pro
EUVD-2026-26495
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote...
CVE-2026-7578 MacCMS Pro Plugin Installation add.html install unrestricted upload
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote...
CVE-2026-7578
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote...
CVE-2026-7578 MacCMS Pro Plugin Installation add.html install unrestricted upload
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote...
PT-2026-36316
Name of the Vulnerable Software and Affected Versions MacCMS Pro versions prior to 2022.1.4 Description A weakness in the Plugin Installation Handler component allows for unrestricted file upload. This issue occurs within the install function of the file '/admi.php/admin/addon/add.html' and can b...
maccms_pro 访问控制错误漏洞
Maccmspro is a content management system developed by Maccmspro’s individual developers. Versions of Maccmspro prior to 2022.1.3 had an access control vulnerability. This vulnerability stemmed from an unlimited upload issue in the install function of the file/admi.php/admin/addon/add.html within...
CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4562
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...
EUVD-2026-14339
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
EUVD-2026-14337
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...
CVE-2026-4562
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...
CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
maccms 访问控制错误漏洞
MacCMS is a comprehensive and powerful website building system developed under the PHP+MySQL environment by MagicBlack. Version MacCMS 2025.1000.4052 contains a security vulnerability related to access control. This vulnerability stems from the lack of authentication for the Timming API Endpoint...
maccms 安全漏洞
MacCMS is a comprehensive and powerful website building system developed under the PHP+MySQL environment by MagicBlack. Versions of MacCMS prior to 2025.1000.4052 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the orderid parameter in the Member Order...
CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563
MacCMS (up to 2025.1000.4052) contains a vulnerability in the function order_info within application/index/controller/User.php of the Member Order Detail Interface that allows authorization bypass via manipulation of the order_id parameter. A remote attack is possible, and public exploits exist o...
CVE-2026-4563 MacCMS Member Order Detail User.php order_info authorization
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...
CVE-2026-4563 MacCMS Member Order Detail User.php order_info authorization
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...