18 matches found
EUVD-2018-8904
Malware in sbrugna...
EUVD-2018-8532
Malware in sbrugna...
EUVD-2018-8533
Malware in sbrugna...
EUVD-2022-32994
Malicious code in bioql PyPI...
CVE-2022-28552
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin...
SQL injection
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin...
CVE-2018-17126
CScms 4.1 allows remote code execution, as demonstrated by 1';eval$POSTcmd; in Web Name to upload\plugins\sys\Install.php...
CVE-2018-17125
CScms 4.1 allows arbitrary directory deletion via a dir=..\ substring to plugins\sys\admin\Plugins.php...
CScms Arbitrary Directory Deletion Vulnerability
CScms is a content management system CMS developed on a CI framework. An arbitrary directory deletion vulnerability exists in CScms version 4.1. An attacker can delete arbitrary directories by sending a dir=... to the plugins\sys\admin\Plugins.php page. \\ sub-string to the...
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name...
Cross-site request forgery (CSRF)
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
Default credentials
CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
Cross-site scripting
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name...
CVE-2018-16730
CVE-2018-16730 : In CScms 4.1, a cross-site scripting (XSS) vulnerability exists in the file path "\upload\plugins\sys\Install.php" triggered via the site name. The issue is documented across multiple sources (e.g., NVD/CNVD entries) as a CMS-originated XSS in that specific component. The connect...
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name...
CVE-2018-16732
CVE-2018-16732 affects CScms 4.1. The flaw is in \upload\plugins\sys\admin\Setting.php, enabling CSRF via admin.php/setting/ftp_save. CVSS data: v2 base 6.8 (NETWORK, no auth, partial CIA/I/A), and CVSSv3 base 8.8 (NETWORK, UI REQUIRED, HIGH impact on Confidentiality, Integrity, Availability). Co...