Cscms Security Vulnerabilities and Issues — Cscms CVE List

Lucene search

ChshcmsCscms

4 matches found

CVE•added 2022/05/04 3:15 p.m.•63 views

CVE-2022-28552

Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.

8.8CVSS9AI score0.00227EPSS

CVE•added 2018/09/08 3:29 p.m.•38 views

CVE-2018-16732

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2019/01/24 7:29 p.m.•32 views

CVE-2019-6779

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.

8.1CVSS8AI score0.00101EPSS

CVE•added 2018/09/04 4:29 a.m.•29 views

CVE-2018-16448

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

8.8CVSS8.6AI score0.00145EPSS