9 matches found
CVE-2022-30898
A cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...
CVE-2022-30898
CVE-2022-30898 affects Cscms Music Portal System v4.2. A CSRF flaw in the admin flow (notably via /Cscms_4.2/upload/admin.php/sys/save) allows remote attackers to change the administrator’s username and password. Multiple sources (NVD, RH, PRION, CNNVD, CVE listing) confirm the issue; exploitatio...
SQL injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...
SQL injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan...
SQL injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos...
CVE-2022-29680
CVE-2022-29680 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/zu_del due to lack of input validation, enabling potential unauthorized access to database data. CVSS metrics present: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD 3.1) and CVSS2...
SQL injection
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component danceDance.phpdel...
SQL injection
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component danceDance.phphy...
CVE-2022-27367
Summary of CVE-2022-27367 (Cscms Music Portal System v4.2): A SQL injection vulnerability exists in the Dance_Topic.php_del component of Cscms Music Portal System v4.2. The vulnerability arises from improper handling of input in the affected function, enabling injection attacks against the databa...