Lucene search
+L

99 matches found

Cvelist
Cvelist
added 2025/05/29 8:31 p.m.22 views

CVE-2025-5327 chshcms mccms Gf.php index server-side request forgery

A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit h...

6.5CVSS0.00428EPSS
Exploits1References4
CVE
CVE
added 2025/05/29 8:31 p.m.64 views

CVE-2025-5327

CVE-2025-5327 affects the chshcms mccms 2.7 platform. The issue resides in the index function of sys/apps/controllers/api/Gf.php where manipulating the parameter pic triggers a server-side request forgery (SSRF). Attacks are described as removable/remote, and the exploit is publicly disclosed. Th...

8.8CVSS6.4AI score0.00428EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.5 views

mccms 路径遍历漏洞

mccms diffuse city CMS is a rapid website building system for individual developers of China Smokey River South chshcms. A path traversal vulnerability exists in version 2.7 of mccms, which stems from a path traversal caused by incorrect operation of the parameter dirs in the file...

8.8CVSS5.5AI score0.00971EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/29 12:0 a.m.5 views

PT-2025-23201 · Unknown · Chshcms Mccms

Name of the Vulnerable Software and Affected Versions: chshcms mccms version 2.7 Description: A critical issue affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack...

8.8CVSS6.3AI score0.00428EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/05/29 12:0 a.m.6 views

PT-2025-23202 · Unknown · Chshcms Mccms

Name of the Vulnerable Software and Affected Versions: chshcms mccms version 2.7 Description: A critical vulnerability affects the restore del function of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the dirs argument leads to path traversal. The attack can be initiated...

8.8CVSS5.3AI score0.00971EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 5:37 a.m.7 views

CVE-2023-26782

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -System Configuration-Cache Configuration-Cache security characters...

6.5CVSS6.8AI score0.00872EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:35 a.m.9 views

CVE-2023-5029

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS7.3AI score0.00588EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.9 views

CVE-2023-3236

A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...

8.8CVSS7AI score0.00701EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:41 a.m.7 views

CVE-2023-29815

mccms v2.6.3 is vulnerable to Cross Site Request Forgery CSRF...

8.8CVSS6.9AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:29 a.m.8 views

CVE-2023-26781

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -Reader Comments -Search...

9.8CVSS8.3AI score0.0098EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:55 a.m.10 views

CVE-2023-3235

A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function picapi of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploi...

8.8CVSS6.9AI score0.00701EPSS
Exploits1References1
OSV
OSV
added 2023/09/17 10:15 p.m.6 views

CVE-2023-5029

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS5.5AI score0.00588EPSS
Exploits1References3
NVD
NVD
added 2023/09/17 10:15 p.m.20 views

CVE-2023-5029

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS6.7AI score0.00588EPSS
Exploits1References3
Prion
Prion
added 2023/09/17 10:15 p.m.20 views

Sql injection

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

5.2CVSS8.9AI score0.00588EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/09/17 9:31 p.m.34 views

CVE-2023-5029 mccms 1 sql injection

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

5.5CVSS9.2AI score0.00588EPSS
Exploits1References3
CVE
CVE
added 2023/09/17 9:31 p.m.37 views

CVE-2023-5029

CVE-2023-5029 affects mccms 2.6, specifically the file path /category/order/hits/copyright/46/finish/1/list/1. The issue is a SQL injection vulnerability exploitable by manipulating input, e.g., "1". The vulnerability has been disclosed publicly (VDB-239871) and is described as critical/high impa...

8.8CVSS6.7AI score0.00588EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/17 9:31 p.m.14 views

CVE-2023-5029 mccms 1 sql injection

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

5.5CVSS7.3AI score0.00588EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/09/17 12:0 a.m.9 views

PT-2023-31525 · Mccms · Mccms

Name of the Vulnerable Software and Affected Versions: mccms version 2.6 Description: A critical issue was found in the software, affecting an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The issue can be exploited through SQL injection by manipulating the input wit...

8.8CVSS6.2AI score0.00588EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/17 12:0 a.m.5 views

mccms SQL Injection Vulnerability

mccms diffuse city CMS is a rapid website building system for individual developers of China Smokey River South chshcms. The mccms 2.6 version exists SQL injection vulnerability, the vulnerability stems from allowing attackers through the file copyright/46/finish/1/list/1 SQL injection...

8.8CVSS7.9AI score0.00588EPSS
Exploits1References5
OSV
OSV
added 2023/06/14 7:15 a.m.3 views

CVE-2023-3236

A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...

8.8CVSS5.4AI score0.00701EPSS
Exploits1References3
Rows per page
Query Builder