21 matches found
CVE-2022-27090
CVE-2022-27090 affects CScms Music Portal System v4.2. The issue is a backurl parameter–driven redirection vulnerability. The Connected documents corroborate a redirect flaw but do not provide concrete exploitation details, affected versions beyond v4.2, updated patches, or remediations. Therefor...
CVE-2022-28552
CScms 4.1 is vulnerable to SQL Injection in the backend during the recycle-bin empty operation after creating a song in the Song module; the issue occurs when deleting a song to the recycle bin and then emptying it. The connected sources confirm the affected workflow but do not provide concrete r...
CVE-2022-30898
CVE-2022-30898 affects Cscms Music Portal System v4.2. A CSRF flaw in the admin flow (notably via /Cscms_4.2/upload/admin.php/sys/save) allows remote attackers to change the administrator’s username and password. Multiple sources (NVD, RH, PRION, CNNVD, CVE listing) confirm the issue; exploitatio...
CVE-2022-27366
CVE-2022-27366 affects Cscms Music Portal System v4.2, with a blind SQL injection vulnerability exploitable via the dance_Dance.php_hy component. The Red Hat and CNVD entries corroborate the flaw as a SQL injection in Cscms, impacting the CMS framework’s dance_Dance.php_hy routine. Public details...
CVE-2022-27368
The CVE-2022-27368 entry applies to Cscms Music Portal System v4.2 and describes a SQL injection vulnerability in the dance_Lists.php_zhuan component. The available connected records consistently identify the affected product and vulnerable function but do not provide exploit details, affected ve...
CVE-2022-27365
CVE-2022-27365 affects Cscms Music Portal System v4.2, with a SQL injection vulnerability exploitable via the dance_Dance.php_del component. Connected sources (NVD/Red Hat/CNVD/etc.) corroborate a SQLi flaw in CScms that can enable unauthorized data exposure or modification through the vulnerable...
CVE-2022-27369
The CVE-2022-27369 entry concerns Cscms Music Portal System v4.2, with a SQL injection vulnerability in the news_News.php_hy component. The Red Hat, CNVD, CNVD/CNNVD, NVD, and related records consistently describe the same issue: an SQL injection flaw in News-related functionality of Cscms Music ...
CVE-2022-27367
Summary of CVE-2022-27367 (Cscms Music Portal System v4.2): A SQL injection vulnerability exists in the Dance_Topic.php_del component of Cscms Music Portal System v4.2. The vulnerability arises from improper handling of input in the affected function, enabling injection attacks against the databa...
CVE-2018-16732
CVE-2018-16732 affects CScms 4.1. The flaw is in \upload\plugins\sys\admin\Setting.php, enabling CSRF via admin.php/setting/ftp_save. CVSS data: v2 base 6.8 (NETWORK, no auth, partial CIA/I/A), and CVSSv3 base 8.8 (NETWORK, UI REQUIRED, HIGH impact on Confidentiality, Integrity, Availability). Co...
CVE-2020-28102
cscms v4.1 exposes an SQL injection via the js_del function. Affected product: cscms (CMS). Root cause details are not further disclosed in the provided documents. Impact is indicated as high via CVSS3.1 (CRITICAL) with network access and no user interaction; no remediation details are provided i...
CVE-2018-17126
CVE-2018-17126 affects CScms 4.1. The vulnerability is a remote code execution through a crafted input in Web Name to upload\plugins\sys\Install.php, leveraging 1');eval($_POST[cmd]);# in the Install.php file. This indicates an unauthenticated remote command execution path via user-supplied POST ...
CVE-2020-21238
CVE-2020-21238 affects CSCMS v4.0, with a weakness in the user login box that enables brute-force attacks to hijack user accounts. The issue is documented across multiple sources (NVD entry notes brute-force risk; Red Hat and CNVD mirror the same description). Exploitation status and exact exploi...
CVE-2018-17125
CVE-2018-17125 affects CScms 4.1. The vulnerability is an arbitrary directory deletion flaw in the plugins/sys/admin/Plugins.php handler, triggered by a dir=..\ substring that allows deleting arbitrary directories. This is due to insufficient input validation of the dir parameter, enabling path t...
CVE-2020-28103
CVE-2020-28103 affects cscms v4.1 and enables SQL injection through the page_del/page delete function. Root cause: improper input handling leading to SQL injection. CVSS 3.1 base score 9.8 (CRITICAL), NETWORK, no authentication, no user interaction. Exploitation details are not provided in the co...
CVE-2018-16337
CVE-2018-16337 affects Cscms v4.1.8. A CSRF flaw allows modification of a website's basic configuration via upload/admin.php/setting/save. The connected CNVD/NVD entries confirm the Cross-Site Request Forgery impact on Cscms 4.1.8. No remediation details are provided in the supplied documents.
CVE-2018-16730
CVE-2018-16730 : In CScms 4.1, a cross-site scripting (XSS) vulnerability exists in the file path "\upload\plugins\sys\Install.php" triggered via the site name. The issue is documented across multiple sources (e.g., NVD/CNVD entries) as a CMS-originated XSS in that specific component. The connect...
CVE-2018-16448
CVE-2018-16448 affects Cscms 4. It documents CSRF in admin endpoints: creating a member via upload/admin.php/user/save; authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid; and creating a super administrator and web editor via upload/admin.php/sys/sav...
CVE-2019-6779
CVE-2019-6779 affects CSCMS 4.1.8. The vulnerability is a CSRF flaw on the admin.php/links/save endpoint, enabling an attacker to add, modify, or delete friend links without providing proper authorization. Root cause stated is lack of CSRF protection on that admin action; exploitation details are...
CVE-2020-22848
CVE-2020-22848 affects cscms v4.1, specifically the Playsong.php component. An RCE vulnerability allows an attacker to execute arbitrary commands on affected systems. The connected documents consistently describe remote code execution via Playsong.php but do not provide specific exploit details, ...
CVE-2018-16731
CVE-2018-16731 affects CScms 4.1 and is described as an arbitrary file upload vulnerability: an attacker can add the php extension to the allowed filetype list and supply a .php pathname inside the fileurl JSON data to obtain uploaded PHP code. The connected records confirm the issue and provide ...
CVE-2019-9598
The CVE-2019-9598 entry describes a CSRF vulnerability in Cscms 4.1.0, specifically in the admin.php/pay flow, that allows an attacker to change the payment account and redirect funds. Documents confirm affected software (Cscms 4.1.0) and the vulnerability class (CSRF) with the underlying impact ...