24 matches found
CVE-2024-48180
ClassCMS =4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code...
ClassCMS Cross-Site Scripting Vulnerability (CNVD-2024-33676)
ClassCMS is China ClassCMS open source a simple , flexible , secure , easy to expand the content management system . ClassCMS cross-site scripting vulnerability , the vulnerability stems from /admin/?action=home&do=shop:index&keyword=&kind=all file in the order parameter contains cross-site...
CVE-2022-45966
here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5...
CVE-2022-25581
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file...