99 matches found
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
CVE-2024-57097
ClassCMS 4.8 is vulnerable to Cross Site Scripting XSS in class/admin/channel.php...
CVE-2024-57097
ClassCMS 4.8 is vulnerable to Cross Site Scripting XSS in class/admin/channel.php...
PT-2025-3402 · Classcms · Classcms
Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: The issue allows attackers to execute arbitrary code and potentially take control of the server by constructing a payload in the classview parameter of the model management feature. This enables them to explo...
CVE-2024-57097
ClassCMS 4.8 is vulnerable to Cross Site Scripting XSS in class/admin/channel.php...
CVE-2024-57097
ClassCMS 4.8 is affected by a Cross Site Scripting (XSS) vulnerability in the file class/admin/channel.php. The CVE entry reflects XSS with a CVSS v3.1 base score of 4.8 (MEDIUM) and an attack scenario requiring network access, low attack complexity, high privileges, user interaction, and a chang...
PT-2025-3400 · Classcms · Classcms
Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: The issue is related to Cross Site Scripting XSS in the class/admin/channel.php file. This allows for potential malicious script injection. Recommendations: For ClassCMS version 4.8, consider restricting acce...
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
CVE-2024-57097
ClassCMS 4.8 is vulnerable to Cross Site Scripting XSS in class/admin/channel.php...
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
ClassCMS 安全漏洞
ClassCMS is a simple, flexible, secure and easy-to-expand content management system from China ClassCMS open source. A security vulnerability exists in ClassCMS version 4.8, which stems from vulnerability to cross-site scripting attacks...
ClassCMS 安全漏洞
ClassCMS is a simple, flexible, secure and easy to expand content management system from China ClassCMS open source. A security vulnerability exists in ClassCMS version 4.8, which stems from a code execution vulnerability that allows an attacker to execute arbitrary code by constructing a payload...
CVE-2024-57099
ClassCMS v4.8 is exposed to a code execution vulnerability exploitable through the classview parameter in the model management feature. An attacker can supply a crafted payload to achieve arbitrary code execution and potentially take full control of the server. The issue is documented across mult...
ClassCMS Code Injection Vulnerability
ClassCMS is China ClassCMS open source a simple , flexible , secure , easy to expand the content management system . ClassCMS 4.8 version of the code injection vulnerability , an attacker can exploit the vulnerability leads to cross-site scripting attacks...
CVE-2024-12666
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...
CVE-2024-12666
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...
CVE-2024-12666 ClassCMS User Management Page admin insufficient privileges
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...
CVE-2024-12666 ClassCMS User Management Page admin insufficient privileges
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...
CVE-2024-12666
CVE-2024-12666 affects ClassCMS up to version 4.8, where a vulnerability exists in the file path "/admin?do=admin:user:editPost" in the User Management Page . The root cause is described as improper handling of insufficient privileges, enabling a remote attack. The exploit has been disclosed publ...