5 matches found
CVE-2022-25582
A stored cross-site scripting XSS vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
CVE-2022-25581
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file...
Code injection
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file...
CVE-2022-25581
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file...
CVE-2022-25581
CVE-2022-25581 affects Classcms v2.5 and earlier. The issue is an arbitrary file upload via the class\classupload component, which can allow code execution through a crafted .txt file. The vulnerability is documented across multiple feeds (NVD/Red Hat/OSV etc.) with no publicly provided patch det...