Lucene search

Luocms Project Security Vulnerabilities

cve

CVE-2022-24600

Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24601

Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.

7.5CVSS

7.8AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24602

Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24603

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24604

Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24605

Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24606

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24607

Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.

9.8CVSS

9.9AI Score

0.002EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24608

Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.

6.1CVSS

6AI Score

0.001EPSS

2022-03-10 05:46 PM

cve

CVE-2022-24609

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.

9.8CVSS

9.5AI Score

0.004EPSS

2022-03-10 05:46 PM