Nonecms Security Vulnerabilities and Issues — Nonecms CVE List

Lucene search

5noneNonecms

4 matches found

CVE•added 2018/12/11 6:29 p.m.•1135 views

CVE-2018-20062

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

9.8CVSS9.6AI score0.94306EPSS

CVE•added 2018/02/19 2:29 p.m.•43 views

CVE-2018-7219

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.

8.8CVSS8.7AI score0.00141EPSS

CVE•added 2018/01/23 6:29 a.m.•41 views

CVE-2018-6022

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.

6.5CVSS6.2AI score0.00403EPSS

CVE•added 2018/01/23 6:29 a.m.•39 views

CVE-2018-6029

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring.

7.5CVSS7.5AI score0.00341EPSS