8 matches found
CVE-2022-29624
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-29624
TPCMS v3.2 contains an arbitrary file upload vulnerability in the Add File function that can allow an attacker to execute arbitrary PHP code via a crafted file. The issue stems from insufficient validation of uploaded files, enabling remote code execution. Affected product: TPCMS 3.2 (openβsource...
CVE-2022-29624
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27442
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password...
CVE-2022-27441
A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...
Cross site scripting
A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...
CVE-2022-27442
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password...