19 matches found

CVE | added 2022/10/17 12:0 a.m. | 255 views

CVE-2022-42154

CVE-2022-42154 involves an arbitrary file upload vulnerability in the 74cmsSE web app, specifically the "/apiadmin/upload/attach" endpoint. A crafted PHP file can be uploaded, enabling attackers to achieve arbitrary code execution on v3.13.0. The CVSS v3.1 score is 9.8 (CRITICAL) with network att...

CVSS 9.8 | AI score 9.5 | EPSS 0.00916 | Web

CVE | added 2022/06/22 6:42 p.m. | 99 views

CVE-2022-33093

CVE-2022-33093 affects 74cmsSE v3.5.1, with a SQL injection vulnerability in the /freelance/resume_list endpoint via the key parameter. The root cause is improper validation of external input in that parameter, enabling potentially unauthorized SQL execution and data exposure as described in CNVD...

CVSS 7.5 | AI score 7.7 | EPSS 0.00901 | Web

CVE | added 2022/06/22 6:42 p.m. | 91 views

CVE-2022-32125

CVE-2022-32125 concerns 74cmsSE v3.5.1 with a reflective XSS via the /job path. The vulnerability stems from insufficient data validation/filtering of user-supplied input, enabling injection of JavaScript into the client. Affected product is 74cmsSE (PHP/MySQL-based recruitment system); no explic...

CVSS 6.1 | AI score 6 | EPSS 0.00617

CVE | added 2022/06/22 6:42 p.m. | 82 views

CVE-2022-32124

74cmsSE v3.5.1 contains a reflective XSS vulnerability in the component path /index/jobfairol/show/. The root cause is insufficient validation/encoding of user-supplied data in that endpoint, allowing injected JavaScript to be reflected back to the browser. Impact is client-side code execution in...

CVSS 6.1 | AI score 6 | EPSS 0.00617

CVE | added 2022/06/22 6:42 p.m. | 81 views

CVE-2022-32129

CVE-2022-32129 affects 74cmsSE v3.5.1 and is a reflective XSS via the path /company/account/safety/trade. The vulnerability stems from inadequate input validation/escaping, allowing injected JavaScript to be executed in the victim’s browser. Impact is client-side script execution; exploitation is...

CVSS 6.1 | AI score 6 | EPSS 0.00617 | Web

CVE | added 2022/06/22 6:42 p.m. | 77 views

CVE-2022-32130

CVE-2022-32130 affects 74cmsSE v3.5.1. A reflective XSS flaw exists in the /company/down_resume/total/nature path caused by insufficient input validation/output encoding, allowing injected JavaScript to run in the viewer’s browser. Reported impact includes client-side code execution; CVSS metrics...

CVSS 6.1 | AI score 6 | EPSS 0.00617

CVE | added 2022/06/22 6:42 p.m. | 77 views

CVE-2022-32131

CVE-2022-32131 affects 74cmsSE v3.5.1 and is a reflected cross-site scripting (XSS) vulnerability exploitable via the /index/notice/show path. The CNA entries describe that lack of proper input validation/output encoding enables attacker-supplied data to execute JavaScript in the victim’s browser...

CVSS 6.1 | AI score 6 | EPSS 0.00617

CVE | added 2022/06/22 6:42 p.m. | 75 views

CVE-2022-33096

CVE-2022-33096 affects 74cmsSE v3.5.1, with a SQL injection in the keyword parameter of /home/resume/index. The vulnerability arises from unsanitized input used in SQL queries, exposing potentially confidential data. Documented impact under CVSS 3.1 indicates high confidentiality impact (C:H) wit...

CVSS 7.5 | AI score 7.7 | EPSS 0.00901 | Web

CVE | added 2022/06/22 6:42 p.m. | 73 views

CVE-2022-32128

CVE-2022-32128 affects 74cmsSE v3.5.1, with a reflected XSS via the path /company/service/increment/add/im. The flaw originates from insufficient input validation/output encoding for user-supplied data, allowing injected JavaScript to run in the client. Impact is user-assisted script execution in...

CVSS 6.1 | AI score 6 | EPSS 0.00617 | Web

CVE | added 2022/06/22 6:42 p.m. | 72 views

CVE-2022-32127

CVE-2022-32127 affects 74cmsSE v3.5.1 with a reflective XSS via the path /company/view_be_browsed/total. The NVD entry notes a reflective XSS issue (C/L/I A impacts) with base scores: CVSSv2 4.3 (MEDIUM) and CVSSv3.1 6.1 (MEDIUM); exploit status is not described in the provided documents. Related...

CVSS 6.1 | AI score 6 | EPSS 0.00617

CVE | added 2022/06/22 6:42 p.m. | 72 views

CVE-2022-33092

CVE-2022-33092 affects 74cmsSE v3.5.1, with a SQL injection in the keyword parameter used by /home/job/index. This is disclosed across multiple sources (CNVD, NVD, Red Hat, CNVD variants). The root cause is unsanitized input leading to SQL statement manipulation and potential data exposure. Explo...

CVSS 7.5 | AI score 7.7 | EPSS 0.00901 | Web

CVE | added 2022/05/26 12:55 p.m. | 71 views

CVE-2022-29720

CVE-2022-29720 affects 74cmsSE v3.5.1. A vulnerability in index\controller\Download.php enables an arbitrary file read. Documented references confirm the component and location; no exploit details or remediation are provided in the supplied sources. If applicable, apply vendor advisories or patch...

CVSS 7.5 | AI score 7.5 | EPSS 0.00913

CVE | added 2022/06/22 6:42 p.m. | 71 views

CVE-2022-33094

Summary: CVE-2022-33094 affects 74cmsSE v3.5.1, where a SQL injection vulnerability exists via the keyword parameter at /home/job/map. The issue arises from insufficient input validation, allowing an attacker to manipulate SQL queries and potentially access sensitive data. The CVSS data in the pr...

CVSS 7.5 | AI score 7.7 | EPSS 0.00901 | Web

CVE | added 2022/06/22 6:42 p.m. | 70 views

CVE-2022-33095

CVE-2022-33095 affects 74cmsSE v3.5.1, with a SQL injection in the keyword parameter at /home/jobfairol/resumelist. The CNVD/CNNVD entries describe lack of input validation enabling arbitrary SQL execution to access data, while Red Hat/ENISA entries confirm the issue but do not provide concrete f...

CVSS 7.5 | AI score 7.7 | EPSS 0.00987 | Web

CVE | added 2022/05/26 12:55 p.m. | 67 views

CVE-2022-29721

Affected software: 74cmsSE v3.5.1 (74cmsSE is an online recruitment system based on PHP/MySQL). Vulnerability: SQL injection via the keyword parameter in /home/jobfairol/resumelist. Root cause described as lack of input validation on the parameter, enabling externally entered SQL statements. Impa...

CVSS 7.5 | AI score 7.8 | EPSS 0.00991 | Web

CVE | added 2022/06/22 6:42 p.m. | 67 views

CVE-2022-33097

CVE-2022-33097 affects 74cmsSE v3.5.1. Root cause: SQL injection via the keyword parameter in /home/campus/campus_job. Impact: attacker could execute arbitrary SQL to access data. Exploitation details are not provided in the documents; no remediation details are included in the connected sources.

CVSS 7.5 | AI score 7.7 | EPSS 0.00901 | Web

CVE | added 2022/06/22 6:42 p.m. | 66 views

CVE-2022-32126

CVE-2022-32126 corresponds to a reflected cross-site scripting (XSS) vulnerability in 74cmsSE v3.5.1, exploitable via the path /company. Multiple connected sources describe that user-supplied data in /company is not properly validated/filtered, allowing injection of JavaScript that would execute ...

CVSS 6.1 | AI score 6 | EPSS 0.00617

CVE | added 2022/10/17 12:0 a.m. | 60 views

CVE-2022-41471

CVE-2022-41471 affects 74cmsSE v3.12.0. An authenticated attacker with low privileges can arbitrarily change the rights and credentials of the Super Administrator account. CVSS v3.1: 6.5 (Network, Low complexity, Privileges Required: Low, No user interaction, Confidentiality: None, Integrity: Hig...

CVSS 6.5 | AI score 6.4 | EPSS 0.0055

CVE | added 2022/10/17 12:0 a.m. | 52 views

CVE-2022-41472

CVE-2022-41472 affects 74cmsSE v3.12.0. The vulnerability is a Cross‑Site Scripting (XSS) in the API endpoint “/apiadmin/notice/add” where a crafted payload placed in the Title field can execute arbitrary web scripts/HTML in a user’s browser. The root cause is an input that is not properly saniti...

CVSS 5.4 | AI score 5.3 | EPSS 0.00384 | Web