Hisiphp Security Vulnerabilities and Issues — Hisiphp CVE List

Lucene search

HisiphpHisiphp

6 matches found

CVE•added 2019/07/24 1:15 p.m.•93 views

CVE-2019-1010193

hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).

6.1CVSS6.1AI score0.0024EPSS

CVE•added 2024/04/29 5:15 p.m.•41 views

CVE-2024-33445

An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component.

9.8CVSS7.8AI score0.02206EPSS

CVE•added 2022/04/04 5:15 p.m.•37 views

CVE-2020-28062

An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code.

7.2CVSS7.2AI score0.0079EPSS

CVE•added 2021/06/21 4:15 p.m.•33 views

CVE-2020-21130

Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html.

6.1CVSS6AI score0.00328EPSS

CVE•added 2018/10/01 8:29 a.m.•30 views

CVE-2018-17827

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.

7.2CVSS7.4AI score0.0093EPSS

CVE•added 2018/10/01 8:29 a.m.•29 views

CVE-2018-17826

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg...

8.8CVSS8.9AI score0.0018EPSS