27 matches found
CVE-2023-30266
CLTPHP =6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type...
CVE-2023-30267
CLTPHP =6.0 is vulnerable to Cross Site Scripting XSS via application/home/controller/Changyan.php...
CVE-2023-30265
CLTPHP =6.0 is vulnerable to Directory Traversal...
CVE-2023-30265
CLTPHP =6.0 is vulnerable to Directory Traversal...
CVE-2023-30269
CLTPHP =6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php...
CVE-2022-1085 CLTPHP POST Parameter cross site scripting
A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
xml entity injection vulnerability in CLTPHP version 5.5.3
CLTPHP is a content management system developed in ThinkPHP with the Layui framework in the backend. CLTPHP version 5.5.3 has an XML entity injection vulnerability in the program implementation, which can be exploited by attackers to read arbitrary files, execute system commands, probe intranet...