Lucene search
K
ChshcmsCscms Music Portal System

21 matches found

CVE
CVE
added 2022/05/26 1:27 p.m.64 views

CVE-2022-29683

CVE-2022-29683 affects CSCMS Music Portal System v4.2, with a blind SQL injection vulnerability exposed through the id parameter at /admin.php/Label/page_del. The root cause, as described in multiple records, is missing validation of external input in the SQL statement used by that endpoint. CVSS...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.63 views

CVE-2022-29663

CSCMS Music Portal System v4.2 contains a SQL injection vulnerability in the id parameter of /admin.php/pic/admin/type/hy. The issue arises from lack of input validation, enabling attackers to inject SQL statements to access or exfiltrate database data. Affected product is CSCMS Music Portal Syst...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.62 views

CVE-2022-29667

CVE-2022-29667 affects CSCMS Music Portal System v4.2 and involves a SQL injection vulnerability in the path /admin.php/pic/admin/pic/hy, exploitable by restoring deleted photos. Root cause: lack of input validation on the id parameter leading to SQL command execution. Impact is reported as data ...

8.8CVSS8.9AI score0.00908EPSS
CVE
CVE
added 2022/05/26 1:27 p.m.62 views

CVE-2022-29684

CVE-2022-29684 affects CSCMS Music Portal System v4.2. A blind SQL injection is reachable via the id parameter in /admin.php/Label/js_del (missing input validation). Documented impact is partial/high depending on metric, but no explicit exploit details or patches are provided in the supplied sour...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.62 views

CVE-2022-29687

CVE-2022-29687 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/level_del, enabling potential unauthorized SQL execution. Per the CVE, impact includes partial confidentiality, integrity, and availability (CVSS 3.1: HIGH impact). No explic...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.61 views

CVE-2022-29665

Summary of vulnerability (CVE-2022-29665): CSCMS Music Portal System v4.2 contains a SQL injection flaw via the id parameter in the endpoint /admin.php/news/admin/topic/save. The issue is triggered by unsafely constructed external input, enabling an attacker to potentially manipulate database que...

7.2CVSS7.2AI score0.00793EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.61 views

CVE-2022-29670

CVE-2022-29670 affects CSCMS Music Portal System v4.2. A SQL injection is exposed via the id parameter on /admin.php/pic/admin/type/del, potentially exposing or altering database data. Several connected sources corroborate the vulnerability; exploitation details or a patch are not provided in the...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.58 views

CVE-2022-29661

CVE-2022-29661 affects CSCMS Music Portal System v4.2. It has a blind SQL injection in the id parameter of /admin.php/pic/admin/type/save due to lack of input validation, enabling an attacker to execute SQL statements and potentially exfiltrate data. Root cause: unsanitized id parameter. Impact a...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.58 views

CVE-2022-29688

CVE-2022-29688 affects CSCMS Music Portal System v4.2. A blind SQL injection is exposed via the id parameter in /admin.php/singer/admin/singer/hy, due to insufficient input validation. The issue is confirmed across multiple sources in the Connected documents (NVD entry and Red Hat CNVD/CVE relati...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.57 views

CVE-2022-29676

CVE-2022-29676 affects CSCMS Music Portal System v4.2, with a SQL injection vulnerability via the id parameter in /admin.php/pic/admin/lists/zhuan. Root cause: improper handling/unsafely constructed SQL from the id input, allowing attackers to execute SQL commands. Documents consistently describe...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.56 views

CVE-2022-29669

CVE-2022-29669 affects CSCMS Music Portal System v4.2, with a SQL injection vulnerability in /admin.php/news/admin/lists/zhuan exploitable via the id parameter. The root cause is improper validation/handling of external input which allows arbitrary SQL execution, leading to potential unauthorized...

8.8CVSS8.9AI score0.00908EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.56 views

CVE-2022-29682

CVE-2022-29682 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection reachable via the id parameter in the administrative endpoint: /admin.php/vod/admin/topic/del. Public advisories describe the issue as an SQL injection that allows potentially unauthorized SQL statem...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.56 views

CVE-2022-29686

CVE-2022-29686 affects CSCMS Music Portal System v4.2 and is due to a blind SQL injection in the id parameter of the endpoint /admin.php/singer/admin/lists/zhuan. The connected sources consistently describe a SQLi vulnerability that can expose or alter data in the backend; no exploitation details...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.55 views

CVE-2022-29680

CVE-2022-29680 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/zu_del due to lack of input validation, enabling potential unauthorized access to database data. CVSS metrics present: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD 3.1) and CVSS2...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.55 views

CVE-2022-29681

The CVE-2022-29681 entry concerns CSCMS Music Portal System v4.2, which is reported to have a blind SQL injection vulnerability in the id parameter of /admin.php/Links/del. The connected sources (CNVD, Red Hat, CVE listings, and related notices) describe the issue as a lack of input validation th...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.55 views

CVE-2022-29685

CVE-2022-29685 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection in the id parameter of /admin.php/User/level_sort, caused by lack of input validation. This can lead to unauthorized SQL execution and exposure of database data (confidentiality, integrity, and avail...

8.8CVSS8.9AI score0.00908EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.54 views

CVE-2022-29666

CVE-2022-29666 affects CSCMS Music Portal System v4.2. A SQL injection vulnerability exists in the id parameter of /admin.php/pic/admin/lists/zhuan, caused by inadequate input validation. The CNVD/Red Hat/NVD records describe an ability to execute arbitrary SQL to exfiltrate data. There is no pat...

7.2CVSS7.2AI score0.00896EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.52 views

CVE-2022-29662

The CVE-2022-29662 issue affects CSCMS Music Portal System v4.2, where a SQL injection vulnerability exists via the id parameter in /admin.php/news/admin/news/save. The root cause is lack of validation for external input SQL statements, enabling an attacker to potentially execute arbitrary SQL an...

7.2CVSS7.2AI score0.00793EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.51 views

CVE-2022-29660

CVE-2022-29660 affects CSCMS Music Portal System v4.2. A SQL injection vulnerability exists in the id parameter of /admin.php/pic/admin/pic/del. Root cause: missing input validation for external SQL statements. Impact: allows unauthorized data access/ tampering with the database (as reflected by ...

9.8CVSS9.7AI score0.1144EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.51 views

CVE-2022-29664

CVE-2022-29664 affects CSCMS Music Portal System v4.2. A SQL injection vulnerability exists via the id parameter in /admin.php/pic/admin/type/pl_save caused by lack of input validation. Impact described in CNVD/RH notes: an attacker can execute arbitrary SQL to steal sensitive data. CVSSv3.1 base...

8.8CVSS8.9AI score0.00908EPSS
Web
CVE
CVE
added 2022/05/26 1:27 p.m.49 views

CVE-2022-29689

CVE-2022-29689 impacts CSCMS Music Portal System v4.2, with a blind SQL injection in the id parameter at /admin.php/singer/admin/singer/del. Public sources (CNVD/CNNVD) attribute the vulnerability to a lack of input validation on the id parameter, enabling construction of externally entered SQL s...

7.2CVSS7.2AI score0.00896EPSS
Web