EUVD-2024-50914

Malicious code in bioql PyPI...

PT-2025-3402 · Classcms · Classcms

Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: The issue allows attackers to execute arbitrary code and potentially take control of the server by constructing a payload in the classview parameter of the model management feature. This enables them to explo...

CVE-2024-57099

ClassCMS v4.8 is exposed to a code execution vulnerability exploitable through the classview parameter in the model management feature. An attacker can supply a crafted payload to achieve arbitrary code execution and potentially take full control of the server. The issue is documented across mult...

CVE-2024-12503

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched...

CVE-2024-12503 ClassCMS Model Management Page admin cross site scripting

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched...

CVE-2024-8145

A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be...

CVE-2024-8145

CVE-2024-8145 affects ClassCMS 4.8. The root cause is a cross-site scripting vulnerability in the Article Handler’s /index.php/admin functionality, triggered by manipulating the Title parameter. Impact is basic XSS with complexity described as network-exploitable and requiring high privileges wit...

CVE-2024-8144

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVE-2024-8144

ClassCMS 4.8 contains an XSS vulnerability in the Logo Handler component, specifically via the unknown functionality at /index.php/admin. The issue allows remote exploitation and has public disclosure. Several sources corroborate a cross-site scripting impact originating from that admin entry poi...