A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.
7.5CVSS
7.6AI Score
0.002EPSS
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
9.8CVSS
9.5AI Score
0.002EPSS
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
9.8CVSS
9.6AI Score
0.005EPSS
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
9.8CVSS
9.2AI Score
0.004EPSS