Cscms Security Vulnerabilities and Issues — Cscms CVE List

An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.

6.5CVSS6.5AI score0.00117EPSS

CVE•added 2018/09/04 4:29 a.m.•29 views

CVE-2018-16448

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2018/09/08 3:29 p.m.•29 views

CVE-2018-16731

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

9.8CVSS9.3AI score0.00433EPSS