EUVD-2023-43912
Malicious code in bioql PyPI...
CVE-2025-51818
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands...
PT-2025-34217 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: MCCMS version 2.7.0
Description: MCCMS version 2.7.0 is susceptible to arbitrary file deletion via the Backups.php component. This allows an attacker to execute arbitrary commands.
Recommendations: At the moment, there is no information about...
CVE-2025-50234
MCCMS v2.7.0 has an SSRF vulnerability located in the index method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sysauth($pic, 1) function, which utilizes a hard-coded key McEncryptionKey (bD2voYwPpNuJ7B8), defined in the...
CVE-2023-29815
mccms v2.6.3 is vulnerable to Cross-Site Request Forgery (CSRF)...
PT-2023-20797 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms version 2.6.1
Description: An issue in the Backend management interface, specifically in System Configuration-Cache Configuration-Cache security characters, allows remote attackers to cause a denial of service.
Recommendations: For mccm...
PT-2023-22429 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms version 2.6.3
Description: The issue is related to Cross-Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. No information is provided about the estimated...