99 matches found
CVE-2025-5327 chshcms mccms Gf.php index server-side request forgery
A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-5327
CVE-2025-5327 affects the chshcms mccms 2.7 platform. The issue resides in the index function of sys/apps/controllers/api/Gf.php where manipulating the parameter pic triggers a server-side request forgery (SSRF). Attacks are described as removable/remote, and the exploit is publicly disclosed. Th...
mccms 路径遍历漏洞
mccms diffuse city CMS is a rapid website building system for individual developers of China Smokey River South chshcms. A path traversal vulnerability exists in version 2.7 of mccms, which stems from a path traversal caused by incorrect operation of the parameter dirs in the file...
PT-2025-23201 · Unknown · Chshcms Mccms
Name of the Vulnerable Software and Affected Versions: chshcms mccms version 2.7 Description: A critical issue affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack...
PT-2025-23202 · Unknown · Chshcms Mccms
Name of the Vulnerable Software and Affected Versions: chshcms mccms version 2.7 Description: A critical vulnerability affects the restore del function of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the dirs argument leads to path traversal. The attack can be initiated...
CVE-2023-26782
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -System Configuration-Cache Configuration-Cache security characters...
CVE-2023-5029
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...
CVE-2023-29815
mccms v2.6.3 is vulnerable to Cross Site Request Forgery CSRF...
CVE-2023-26781
SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -Reader Comments -Search...
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function picapi of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploi...
CVE-2023-5029
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-5029
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...
Sql injection
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-5029 mccms 1 sql injection
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-5029
CVE-2023-5029 affects mccms 2.6, specifically the file path /category/order/hits/copyright/46/finish/1/list/1. The issue is a SQL injection vulnerability exploitable by manipulating input, e.g., "1". The vulnerability has been disclosed publicly (VDB-239871) and is described as critical/high impa...
CVE-2023-5029 mccms 1 sql injection
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...
PT-2023-31525 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms version 2.6 Description: A critical issue was found in the software, affecting an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The issue can be exploited through SQL injection by manipulating the input wit...
mccms SQL Injection Vulnerability
mccms diffuse city CMS is a rapid website building system for individual developers of China Smokey River South chshcms. The mccms 2.6 version exists SQL injection vulnerability, the vulnerability stems from allowing attackers through the file copyright/46/finish/1/list/1 SQL injection...
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...