Lucene search
K
ChshcmsCscms

21 matches found

CVE
CVE
added 2022/03/21 9:5 p.m.80 views

CVE-2022-27090

CVE-2022-27090 affects CScms Music Portal System v4.2. The issue is a backurl parameter–driven redirection vulnerability. The Connected documents corroborate a redirect flaw but do not provide concrete exploitation details, affected versions beyond v4.2, updated patches, or remediations. Therefor...

5.4CVSS5.5AI score0.00406EPSS
CVE
CVE
added 2022/05/04 2:52 p.m.74 views

CVE-2022-28552

CScms 4.1 is vulnerable to SQL Injection in the backend during the recycle-bin empty operation after creating a song in the Song module; the issue occurs when deleting a song to the recycle bin and then emptying it. The connected sources confirm the affected workflow but do not provide concrete r...

8.8CVSS9AI score0.00821EPSS
CVE
CVE
added 2022/06/09 6:52 p.m.73 views

CVE-2022-30898

CVE-2022-30898 affects Cscms Music Portal System v4.2. A CSRF flaw in the admin flow (notably via /Cscms_4.2/upload/admin.php/sys/save) allows remote attackers to change the administrator’s username and password. Multiple sources (NVD, RH, PRION, CNNVD, CVE listing) confirm the issue; exploitatio...

6.5CVSS6.6AI score0.00544EPSS
CVE
CVE
added 2022/04/15 5:31 p.m.70 views

CVE-2022-27366

CVE-2022-27366 affects Cscms Music Portal System v4.2, with a blind SQL injection vulnerability exploitable via the dance_Dance.php_hy component. The Red Hat and CNVD entries corroborate the flaw as a SQL injection in Cscms, impacting the CMS framework’s dance_Dance.php_hy routine. Public details...

7.2CVSS7.3AI score0.00834EPSS
CVE
CVE
added 2022/04/15 5:31 p.m.68 views

CVE-2022-27368

The CVE-2022-27368 entry applies to Cscms Music Portal System v4.2 and describes a SQL injection vulnerability in the dance_Lists.php_zhuan component. The available connected records consistently identify the affected product and vulnerable function but do not provide exploit details, affected ve...

7.2CVSS7.2AI score0.00834EPSS
CVE
CVE
added 2022/04/15 5:31 p.m.67 views

CVE-2022-27365

CVE-2022-27365 affects Cscms Music Portal System v4.2, with a SQL injection vulnerability exploitable via the dance_Dance.php_del component. Connected sources (NVD/Red Hat/CNVD/etc.) corroborate a SQLi flaw in CScms that can enable unauthorized data exposure or modification through the vulnerable...

7.2CVSS7.2AI score0.00942EPSS
CVE
CVE
added 2022/04/15 5:31 p.m.67 views

CVE-2022-27369

The CVE-2022-27369 entry concerns Cscms Music Portal System v4.2, with a SQL injection vulnerability in the news_News.php_hy component. The Red Hat, CNVD, CNVD/CNNVD, NVD, and related records consistently describe the same issue: an SQL injection flaw in News-related functionality of Cscms Music ...

7.2CVSS7.2AI score0.00857EPSS
CVE
CVE
added 2022/04/15 5:31 p.m.66 views

CVE-2022-27367

Summary of CVE-2022-27367 (Cscms Music Portal System v4.2): A SQL injection vulnerability exists in the Dance_Topic.php_del component of Cscms Music Portal System v4.2. The vulnerability arises from improper handling of input in the affected function, enabling injection attacks against the databa...

7.2CVSS7.2AI score0.00834EPSS
CVE
CVE
added 2018/09/08 3:0 p.m.50 views

CVE-2018-16732

CVE-2018-16732 affects CScms 4.1. The flaw is in \upload\plugins\sys\admin\Setting.php, enabling CSRF via admin.php/setting/ftp_save. CVSS data: v2 base 6.8 (NETWORK, no auth, partial CIA/I/A), and CVSSv3 base 8.8 (NETWORK, UI REQUIRED, HIGH impact on Confidentiality, Integrity, Availability). Co...

8.8CVSS8.6AI score0.00518EPSS
CVE
CVE
added 2022/01/11 3:41 p.m.50 views

CVE-2020-28102

cscms v4.1 exposes an SQL injection via the js_del function. Affected product: cscms (CMS). Root cause details are not further disclosed in the provided documents. Impact is indicated as high via CVSS3.1 (CRITICAL) with network access and no user interaction; no remediation details are provided i...

9.8CVSS9.9AI score0.01213EPSS
CVE
CVE
added 2018/09/17 4:0 a.m.48 views

CVE-2018-17126

CVE-2018-17126 affects CScms 4.1. The vulnerability is a remote code execution through a crafted input in Web Name to upload\plugins\sys\Install.php, leveraging 1');eval($_POST[cmd]);# in the Install.php file. This indicates an unauthenticated remote command execution path via user-supplied POST ...

9.8CVSS9.5AI score0.03233EPSS
CVE
CVE
added 2021/12/27 10:23 p.m.48 views

CVE-2020-21238

CVE-2020-21238 affects CSCMS v4.0, with a weakness in the user login box that enables brute-force attacks to hijack user accounts. The issue is documented across multiple sources (NVD entry notes brute-force risk; Red Hat and CNVD mirror the same description). Exploitation status and exact exploi...

9.8CVSS9.3AI score0.00939EPSS
CVE
CVE
added 2018/09/17 4:0 a.m.47 views

CVE-2018-17125

CVE-2018-17125 affects CScms 4.1. The vulnerability is an arbitrary directory deletion flaw in the plugins/sys/admin/Plugins.php handler, triggered by a dir=..\ substring that allows deleting arbitrary directories. This is due to insufficient input validation of the dir parameter, enabling path t...

7.5CVSS7.4AI score0.01412EPSS
CVE
CVE
added 2022/01/11 3:49 p.m.47 views

CVE-2020-28103

CVE-2020-28103 affects cscms v4.1 and enables SQL injection through the page_del/page delete function. Root cause: improper input handling leading to SQL injection. CVSS 3.1 base score 9.8 (CRITICAL), NETWORK, no authentication, no user interaction. Exploitation details are not provided in the co...

9.8CVSS9.9AI score0.01096EPSS
CVE
CVE
added 2018/09/02 6:0 p.m.44 views

CVE-2018-16337

CVE-2018-16337 affects Cscms v4.1.8. A CSRF flaw allows modification of a website's basic configuration via upload/admin.php/setting/save. The connected CNVD/NVD entries confirm the Cross-Site Request Forgery impact on Cscms 4.1.8. No remediation details are provided in the supplied documents.

6.5CVSS6.5AI score0.00447EPSS
CVE
CVE
added 2018/09/08 3:0 p.m.44 views

CVE-2018-16730

CVE-2018-16730 : In CScms 4.1, a cross-site scripting (XSS) vulnerability exists in the file path "\upload\plugins\sys\Install.php" triggered via the site name. The issue is documented across multiple sources (e.g., NVD/CNVD entries) as a CMS-originated XSS in that specific component. The connect...

6.1CVSS5.9AI score0.00705EPSS
CVE
CVE
added 2018/09/04 4:0 a.m.43 views

CVE-2018-16448

CVE-2018-16448 affects Cscms 4. It documents CSRF in admin endpoints: creating a member via upload/admin.php/user/save; authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid; and creating a super administrator and web editor via upload/admin.php/sys/sav...

8.8CVSS8.6AI score0.00494EPSS
CVE
CVE
added 2019/01/24 7:0 p.m.42 views

CVE-2019-6779

CVE-2019-6779 affects CSCMS 4.1.8. The vulnerability is a CSRF flaw on the admin.php/links/save endpoint, enabling an attacker to add, modify, or delete friend links without providing proper authorization. Root cause stated is lack of CSRF protection on that admin action; exploitation details are...

8.1CVSS8AI score0.00453EPSS
CVE
CVE
added 2021/08/30 10:12 p.m.42 views

CVE-2020-22848

CVE-2020-22848 affects cscms v4.1, specifically the Playsong.php component. An RCE vulnerability allows an attacker to execute arbitrary commands on affected systems. The connected documents consistently describe remote code execution via Playsong.php but do not provide specific exploit details, ...

9.8CVSS9.8AI score0.02874EPSS
CVE
CVE
added 2018/09/08 3:0 p.m.41 views

CVE-2018-16731

CVE-2018-16731 affects CScms 4.1 and is described as an arbitrary file upload vulnerability: an attacker can add the php extension to the allowed filetype list and supply a .php pathname inside the fileurl JSON data to obtain uploaded PHP code. The connected records confirm the issue and provide ...

9.8CVSS9.3AI score0.01491EPSS
CVE
CVE
added 2019/03/07 10:0 p.m.41 views

CVE-2019-9598

The CVE-2019-9598 entry describes a CSRF vulnerability in Cscms 4.1.0, specifically in the admin.php/pay flow, that allows an attacker to change the payment account and redirect funds. Documents confirm affected software (Cscms 4.1.0) and the vulnerability class (CSRF) with the underlying impact ...

6.5CVSS6.4AI score0.00506EPSS