37 matches found
CVE-2018-19693
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter...
CVE-2018-19692
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...
CVE-2018-19693
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter...
CVE-2018-19693
tp5cms (a PHP-based CMS framework) contains a cross-site scripting vulnerability in admin.php/system/set.html through the title parameter, present in tp5cms up to 2017-05-25. A remote attacker can inject arbitrary scripts/HTML via the title field. The CNVD entry for CNVD-2018-26479 explicitly des...
CVE-2018-19692
CVE-2018-19692 affects tp5cms (through 2017-05-25). The vulnerability is in admin.php/upload/picture.html, where uploading a .php file with image/jpeg content type allows remote code execution. Public sources describe tp5cms as a PHP-based CMS framework; CNVD notes vulnerability in 2017-05-25 and...
CVE-2018-15566
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
Cross site request forgery (csrf)
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...
CVE-2018-15568
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...
CVE-2018-15568
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...
CVE-2018-15566
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
Code injection
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
CVE-2018-15566
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
CVE-2018-15568
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...
CVE-2018-15568
The CVE-2018-15568 issue affects tp5cms (ThinkPHP-based CMS) through 2017-05-25, with a Cross-Site Request Forgery (CSRF) vulnerability exposed via the admin.php/category/delete.html page. The vulnerability allows CSRF to cause deletion actions (notably “type items”) when an attacker entices an a...
CVE-2018-15566
CVE-2018-15566 affects tp5cms prior to or on 2017-05-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the q parameter in admin.php/article/index.html, enabling injection of arbitrary script/HTML. Affected component is tp5cms’s admin article listing functionality; root ca...
tp5cms Cross-site Scripting Vulnerability
tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to inject...
tp5cms Cross-Site Request Forgery Vulnerability
tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site request forgery vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to delete...