12 matches found
CVE-2018-20062
CVE-2018-20062 affects ThinkPHP/NoneCMS with remote code execution via crafted filter parameter in s=index/\think\Request/input&filter=phpinfo&data=1. Public sources in connected docs identify vulnerable versions as ThinkPHP <= 5.0.23 (and 5.1.x
CVE-2020-23371
CVE-2020-23371 is a cross-site scripting (XSS) vulnerability in noneCms v1.3.0, affecting the SWF file static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf. The issue allows remote attackers to inject arbitrary script or HTML via the movieName parameter. The connected CNVD/CNNVD ent...
CVE-2020-23376
NoneCMS v1.3 is affected by a CSRF vulnerability in the endpoint public/index.php/admin/nav/add.html. The issue allows an attacker to inject arbitrary web script or HTML via the name parameter, enabling a potential stored XSS attack. The vulnerability is documented across multiple sources (e.g., ...
CVE-2020-18282
CVE-2020-18282 affects NoneCms 1.3.0 with a cross-site scripting (XSS) vulnerability exploitable via the feedback feature. The root cause and specifics are not fully detailed in the provided documents; CVSSv3.1 base score is 6.1 (MEDIUM), with network attack vector, low attack complexity, no priv...
CVE-2020-23373
CVE-2020-23373 affects NoneCMS v1.3.0, with an XSS in admin/nav/add.html. The underlying issue is that the name parameter can trigger injection of arbitrary script/HTML by remote authenticated attackers. Public details across CNVD/NVD OSV entries consistently describe the same vector and impact; ...
CVE-2020-23374
CVE-2020-23374 concerns a Cross-site scripting (XSS) vulnerability in noneCMS. The connected sources describe an XSS in the admin/article/add.html endpoint for NoneCMS v1.3.0, where an attacker can inject arbitrary web script or HTML via the name parameter. The vulnerability is authenticated and ...
CVE-2018-7219
CVE-2018-7219 affects NoneCms 1.3.0. The issue is a Cross-Site Request Forgery in application/admin/controller/Admin.php that allows modifying the administrator password or adding an account via public/index.php/admin/admin/edit.html. The root cause is CSRF in the admin controller; no remediation...
CVE-2018-6029
CVE-2018-6029 affects NoneCms 1.3.0. The vulnerability exists in the copy function of application/admin/controller/Article.php, where SSRF is possible because URL validation only checks for the substring "csdn". This allows remote attackers to access internal and external network resources. No ex...
CVE-2018-6022
CVE-2018-6022: A directory traversal vulnerability exists in NoneCms (versions through 1.3.0) in the file application/admin/controller/Main.php. The issue allows remote authenticated users with back-office access to delete arbitrary files by supplying a backslash sequence (for example, ..\) in ...
CVE-2020-18646
CVE-2020-18646 concerns an information-disclosure vulnerability in NoneCMS v1.3. The affected component is "/public/index.php" and allows remote attackers to obtain sensitive information. The connected records confirm this is a NoneCMS information-disclosure issue; no exploit details, affected ve...
CVE-2019-16721
CVE-2019-16721 affects NoneCMS v1.3 and is a cross-site request forgery in the public/index.php/admin/admin/dele.html endpoint, demonstrated by deletion of the admin user. The issue arises from CSRF on the admin delete action, allowing an attacker-crafted request to trigger admin-user deletion un...
CVE-2020-18647
CVE-2020-18647 affects NoneCMS v1.3, enabling information disclosure via the /nonecms/vendor component. A remote attacker can obtain sensitive information; CVSS indicates 7.5 (HIGH) in CVSS3.1 and 5.0 (MEDIUM) in CVSS2.0. The connected sources consistently describe an information-disclosure vulne...