3 matches found
Unrestricted file upload
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc"...
CVE-2020-18167
CVE-2020-18167 describes a cross-site scripting (XSS) vulnerability in LAOBANCMS v2.0. The issue allows remote attackers to execute arbitrary code by injecting commands into the paste/el Homepage Introduction field of the component at admin/info.php?shuyu. Multiple connected sources (NVD, Red Hat...
Cross site scripting
Cross Site Scripting XSS in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu"...