Remote Code Execution (RCE)

torfs-ict/cmsms is vulnerable to Remote Code Execution. The vulnerability exists because the library does not properly validate uploaded files, allowing an attacker to upload and execute a malicious file...

SQL Injection

torfs-ict/cmsms is vulnerable to SQL Injection attacks. The vulnerability exists in the m1sortby parameter in function.adminarticlestab.php due to improperly validated parameters, allowing a remote attacker to inject arbitrary SQL commands...