19 matches found
CVE-2022-42154
CVE-2022-42154 involves an arbitrary file upload vulnerability in the 74cmsSE web app, specifically the "/apiadmin/upload/attach" endpoint. A crafted PHP file can be uploaded, enabling attackers to achieve arbitrary code execution on v3.13.0. The CVSS v3.1 score is 9.8 (CRITICAL) with network att...
CVE-2022-33093
CVE-2022-33093 affects 74cmsSE v3.5.1, with a SQL injection vulnerability in the /freelance/resume_list endpoint via the key parameter. The root cause is improper validation of external input in that parameter, enabling potentially unauthorized SQL execution and data exposure as described in CNVD...
CVE-2022-32125
CVE-2022-32125 concerns 74cmsSE v3.5.1 with a reflective XSS via the /job path. The vulnerability stems from insufficient data validation/filtering of user-supplied input, enabling injection of JavaScript into the client. Affected product is 74cmsSE (PHP/MySQL-based recruitment system); no explic...
CVE-2022-32124
74cmsSE v3.5.1 contains a reflective XSS vulnerability in the component path /index/jobfairol/show/. The root cause is insufficient validation/encoding of user-supplied data in that endpoint, allowing injected JavaScript to be reflected back to the browser. Impact is client-side code execution in...
CVE-2022-32129
CVE-2022-32129 affects 74cmsSE v3.5.1 and is a reflective XSS via the path /company/account/safety/trade. The vulnerability stems from inadequate input validation/escaping, allowing injected JavaScript to be executed in the victim’s browser. Impact is client-side script execution; exploitation is...
CVE-2022-32130
CVE-2022-32130 affects 74cmsSE v3.5.1. A reflective XSS flaw exists in the /company/down_resume/total/nature path caused by insufficient input validation/output encoding, allowing injected JavaScript to run in the viewer’s browser. Reported impact includes client-side code execution; CVSS metrics...
CVE-2022-32131
CVE-2022-32131 affects 74cmsSE v3.5.1 and is a reflected cross-site scripting (XSS) vulnerability exploitable via the /index/notice/show path. The CNA entries describe that lack of proper input validation/output encoding enables attacker-supplied data to execute JavaScript in the victim’s browser...
CVE-2022-33096
CVE-2022-33096 affects 74cmsSE v3.5.1, with a SQL injection in the keyword parameter of /home/resume/index. The vulnerability arises from unsanitized input used in SQL queries, exposing potentially confidential data. Documented impact under CVSS 3.1 indicates high confidentiality impact (C:H) wit...
CVE-2022-32128
CVE-2022-32128 affects 74cmsSE v3.5.1, with a reflected XSS via the path /company/service/increment/add/im. The flaw originates from insufficient input validation/output encoding for user-supplied data, allowing injected JavaScript to run in the client. Impact is user-assisted script execution in...
CVE-2022-32127
CVE-2022-32127 affects 74cmsSE v3.5.1 with a reflective XSS via the path /company/view_be_browsed/total. The NVD entry notes a reflective XSS issue (C/L/I A impacts) with base scores: CVSSv2 4.3 (MEDIUM) and CVSSv3.1 6.1 (MEDIUM); exploit status is not described in the provided documents. Related...
CVE-2022-33092
CVE-2022-33092 affects 74cmsSE v3.5.1, with a SQL injection in the keyword parameter used by /home/job/index. This is disclosed across multiple sources (CNVD, NVD, Red Hat, CNVD variants). The root cause is unsanitized input leading to SQL statement manipulation and potential data exposure. Explo...
CVE-2022-29720
CVE-2022-29720 affects 74cmsSE v3.5.1. A vulnerability in index\controller\Download.php enables an arbitrary file read. Documented references confirm the component and location; no exploit details or remediation are provided in the supplied sources. If applicable, apply vendor advisories or patch...
CVE-2022-33094
CVE-2022-33094 affects 74cmsSE v3.5.1, where a SQL injection vulnerability exists via the keyword parameter at /home/job/map. The issue arises from insufficient input validation, allowing an attacker to manipulate SQL queries and potentially access sensitive data. The CVSS data in the pr...
CVE-2022-33095
CVE-2022-33095 affects 74cmsSE v3.5.1, with a SQL injection in the keyword parameter at /home/jobfairol/resumelist. The CNVD/CNNVD entries describe lack of input validation enabling arbitrary SQL execution to access data, while Red Hat/ENISA entries confirm the issue but do not provide concrete f...
CVE-2022-29721
Affected software: 74cmsSE v3.5.1 (74cmsSE is an online recruitment system based on PHP/MySQL). Vulnerability: SQL injection via the keyword parameter in /home/jobfairol/resumelist. Root cause: lack of input validation on the parameter, which allows externally supplied SQL statements to be executed. Impa...
CVE-2022-33097
CVE-2022-33097 affects 74cmsSE v3.5.1. Root cause: SQL injection via the keyword parameter in /home/campus/campus_job. Impact: attacker could execute arbitrary SQL to access data. Exploitation details are not provided in the documents; no remediation details are included in the connected sources.
CVE-2022-32126
CVE-2022-32126 corresponds to a reflected cross-site scripting (XSS) vulnerability in 74cmsSE v3.5.1, exploitable via the path /company. Multiple connected sources describe that user-supplied data in /company is not properly validated/filtered, allowing injection of JavaScript that would execute ...
CVE-2022-41471
CVE-2022-41471 affects 74cmsSE v3.12.0. An authenticated attacker with low privileges can arbitrarily change the rights and credentials of the Super Administrator account. CVSS v3.1: 6.5 (Network, Low complexity, Privileges Required: Low, No user interaction, Confidentiality: None, Integrity: Hig...
CVE-2022-41472
CVE-2022-41472 affects 74cmsSE v3.12.0. The vulnerability is a Cross‑Site Scripting (XSS) in the API endpoint “/apiadmin/notice/add” where a crafted payload placed in the Title field can execute arbitrary web scripts/HTML in a user’s browser. The root cause is an input that is not properly saniti...