Cscms Security Vulnerabilities and Issues — Cscms CVE List | Vulners.com

Lucene search

K

ChshcmsCscms

6 matches found

CVE•added 2022/01/11 4:15 p.m.•37 views

CVE-2020-28102

cscms v4.1 allows for SQL injection via the "js_del" function.

9.8CVSS9.9AI score0.00264EPSS

CVE•added 2018/09/17 4:29 a.m.•36 views

CVE-2018-17126

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.

9.8CVSS9.5AI score0.04068EPSS

CVE•added 2022/01/11 4:15 p.m.•36 views

CVE-2020-28103

cscms v4.1 allows for SQL injection via the "page_del" function.

9.8CVSS9.9AI score0.00264EPSS

CVE•added 2021/12/27 11:15 p.m.•34 views

CVE-2020-21238

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.

9.8CVSS9.3AI score0.00339EPSS

CVE•added 2021/08/30 11:15 p.m.•31 views

CVE-2020-22848

A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.

9.8CVSS9.8AI score0.06472EPSS

CVE•added 2018/09/08 3:29 p.m.•29 views

CVE-2018-16731

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

9.8CVSS9.3AI score0.00433EPSS