CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/09 12:1 p.m.•6 views

CVE-2018-19196

An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...

9.8CVSS8.2AI score0.00557EPSS

RedhatCVE•added 2026/01/09 12:0 p.m.•4 views

CVE-2018-19192

An issue was discovered in XiaoCms 20141229. admin/index.php?c=content=add=3 has CSRF, as demonstrated by entering news via the datacontent parameter...

8.8CVSS7AI score0.00168EPSS

RedhatCVE•added 2026/01/09 11:59 a.m.•4 views

CVE-2018-19197

An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database=import=../ directory traversal...

5.5CVSS7.1AI score0.00764EPSS

RedhatCVE•added 2026/01/09 11:58 a.m.•2 views

CVE-2018-19193

An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen...

6.1CVSS5.9AI score0.0024EPSS

6.1CVSS6.3AI score0.0024EPSS

EUVD-2018-10904

Malware in sbrugna...

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-6253

Malware in sbrugna...

8.8CVSS8.8AI score0.00134EPSS

6.1CVSS6.3AI score0.0024EPSS

EUVD-2018-10902

Malware in sbrugna...

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-10903

Malware in sbrugna...

5.3CVSS5.5AI score0.00232EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-10901

Malware in sbrugna...

8.8CVSS8.8AI score0.00168EPSS

5.5CVSS5.1AI score0.00764EPSS

EUVD-2018-10906

Malware in sbrugna...

Exploits1References3

7.2CVSS7AI score0.00576EPSS

EUVD-2019-15694

Malware in sbrugna...

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-10905

Malware in sbrugna...

9.8CVSS9.5AI score0.00557EPSS

Exploits1References3

RedhatCVE•added 2025/05/22 8:44 a.m.•4 views

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

7.2CVSS8.4AI score0.00576EPSS

RedhatCVE•added 2025/05/22 6:12 a.m.•3 views

CVE-2018-19195

An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\showproduct.html file...

6.1CVSS6AI score0.0024EPSS

CNVD•added 2020/10/14 12:0 a.m.•2 views

Arbitrary File Deletion Vulnerability in XiaoCMS

XiaoCms is a web content management system, provides enterprise building system, station system. XiaoCMS suffers from an arbitrary file deletion vulnerability. An attacker can exploit the vulnerability to delete any directory on the server...

7AI score

Exploits0

CNVD•added 2020/10/13 12:0 a.m.•1 views

XiaoCMS backend has arbitrary file read vulnerability

XiaoCms is a web content management system, provides enterprise building system, station system. An arbitrary file read vulnerability exists in the XiaoCMS backend. An attacker can exploit the vulnerability to read task files...

6.9AI score

Exploits0

NVD•added 2019/01/11 5:29 a.m.•9 views

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

7.2CVSS7.6AI score0.00576EPSS

OSV•added 2019/01/11 5:29 a.m.•0 views

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

7.2CVSS7.4AI score0.00576EPSS