Lucene search
K

37 matches found

OSV
OSV
added 2018/11/29 6:29 p.m.4 views

CVE-2018-19693

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/29 6:0 p.m.17 views

CVE-2018-19692

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...

9.8AI score0.01521EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/29 6:0 p.m.21 views

CVE-2018-19693

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter...

6AI score0.00707EPSS
Exploits1References1
CVE
CVE
added 2018/11/29 6:0 p.m.43 views

CVE-2018-19693

tp5cms (a PHP-based CMS framework) contains a cross-site scripting vulnerability in admin.php/system/set.html through the title parameter, present in tp5cms up to 2017-05-25. A remote attacker can inject arbitrary scripts/HTML via the title field. The CNVD entry for CNVD-2018-26479 explicitly des...

6.1CVSS5.9AI score0.00707EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/29 6:0 p.m.42 views

CVE-2018-19692

CVE-2018-19692 affects tp5cms (through 2017-05-25). The vulnerability is in admin.php/upload/picture.html, where uploading a .php file with image/jpeg content type allows remote code execution. Public sources describe tp5cms as a PHP-based CMS framework; CNVD notes vulnerability in 2017-05-25 and...

9.8CVSS9.6AI score0.01521EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/20 1:29 a.m.17 views

CVE-2018-15566

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...

6.1CVSS6.1AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/08/20 1:29 a.m.14 views

Cross site request forgery (csrf)

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...

6.8CVSS8.7AI score0.00483EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/08/20 1:29 a.m.21 views

CVE-2018-15568

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...

8.8CVSS8.8AI score0.00483EPSS
Exploits0References1
OSV
OSV
added 2018/08/20 1:29 a.m.5 views

CVE-2018-15568

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...

8.8CVSS5.8AI score0.00483EPSS
Exploits0References1
OSV
OSV
added 2018/08/20 1:29 a.m.5 views

CVE-2018-15566

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/08/20 1:29 a.m.14 views

Code injection

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...

4.3CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/20 1:0 a.m.20 views

CVE-2018-15566

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...

6.1AI score0.00675EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/20 1:0 a.m.17 views

CVE-2018-15568

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...

8.8AI score0.00483EPSS
Exploits0References1
CVE
CVE
added 2018/08/20 1:0 a.m.39 views

CVE-2018-15568

The CVE-2018-15568 issue affects tp5cms (ThinkPHP-based CMS) through 2017-05-25, with a Cross-Site Request Forgery (CSRF) vulnerability exposed via the admin.php/category/delete.html page. The vulnerability allows CSRF to cause deletion actions (notably “type items”) when an attacker entices an a...

8.8CVSS8.7AI score0.00483EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/08/20 1:0 a.m.35 views

CVE-2018-15566

CVE-2018-15566 affects tp5cms prior to or on 2017-05-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the q parameter in admin.php/article/index.html, enabling injection of arbitrary script/HTML. Affected component is tp5cms’s admin article listing functionality; root ca...

6.1CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/08/20 12:0 a.m.2 views

tp5cms Cross-site Scripting Vulnerability

tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to inject...

6.1CVSS5.9AI score0.00675EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/20 12:0 a.m.2 views

tp5cms Cross-Site Request Forgery Vulnerability

tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site request forgery vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to delete...

8.8CVSS8.8AI score0.00483EPSS
Exploits0References1
Rows per page
Query Builder