Lucene search

8 matches found

CVE
added 2019/01/11 5:0 a.m., 40 views

CVE-2019-6127

CVE-2019-6127 affects XiaoCms 20141229. The vulnerability is a SQL injection in the admin/index.php?c=database table[] path, enabling an attacker to perform PHP code execution via INTO OUTFILE with a .php filename. The references confirm the same description across multiple sources, indicating a ...

7.2 CVSS, 7.6 AI score, 0.01506 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2018/11/12 5:29 a.m., 14 views

Cross site request forgery (csrf)

An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the datacontent parameter...

6.8 CVSS, 8.6 AI score, 0.00523 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2018/11/12 5:29 a.m., 20 views

CVE-2018-19197

An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths=../ directory traversal...

5.5 CVSS, 5.3 AI score, 0.01359 EPSS
Exploits: 1, References: 2
Prion
added 2018/11/12 5:29 a.m., 14 views

Design/Logic Flaw

An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...

7.5 CVSS, 9.8 AI score, 0.033 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2018/11/12 5:29 a.m., 17 views

CVE-2018-19195

An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\showproduct.html file...

6.1 CVSS, 6 AI score, 0.00675 EPSS
Exploits: 1, References: 1
NVD
added 2018/11/12 5:29 a.m., 14 views

CVE-2018-19192

An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the datacontent parameter...

8.8 CVSS, 8.7 AI score, 0.00523 EPSS
Exploits: 1, References: 1
Cvelist
added 2018/11/12 5:0 a.m., 22 views

CVE-2018-19197

An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths=../ directory traversal...

5.3 AI score, 0.01359 EPSS
Exploits: 1, References: 2
Cvelist
added 2018/11/12 5:0 a.m., 21 views

CVE-2018-19194

An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message...

5.2 AI score, 0.00937 EPSS
Exploits: 1, References: 1