10 matches found
CVE-2022-24608
CVE-2022-24608 affects Luocms v2.0 with Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. The root cause is lack of input validation/filtering and unsafe output of user-supplied data, enabling an attacker to inject JavaScript code that could be executed in the client b...
CVE-2022-24600
CVE-2022-24600 : Luocms v2.0 is affected by a SQL Injection vulnerability in the /admin/login.php endpoint that allows an attacker to log in to the backend through crafted SQL statements. This is the core issue described across multiple sources (CNVD/CNNVD/NVD. Red Hat and other feeds reiterate t...
CVE-2022-24609
CVE-2022-24609 affects Luocms v2.0. The vulnerability is an incorrect access-control flaw that allows an unauthenticated or minimally privileged attacker to write an arbitrary shell file through /admin/templates/template_manage.php. Several connected records describe the root cause as insufficien...
CVE-2022-24607
CVE-2022-24607 affects Luocms v2.0 with a SQL Injection vulnerability in /admin/news/news_ok.php. The root cause is lack of validation for external input SQL statements, enabling potential unauthorized data access. Connected records (CNVD/RedHat/CNNVD/etc.) corroborate the same description withou...
CVE-2022-24603
Luocms v2.0 (article management system) is affected by an SQL injection in /admin/news/sort_mod.php. The root cause is lack of input validation/execution of untrusted SQL statements in that endpoint, enabling attackers to run arbitrary SQL commands and potentially access or exfiltrate sensitive d...
CVE-2022-24605
CVE-2022-24605 applies to Luocms v2.0, with a SQL injection in /admin/link/link_ok.php. The root cause is lack of validation of external input SQL statements, enabling an attacker to alter or retrieve database data. Documents from CNVD/CNNVD and Red Hat and CVE records confirm the existence of a ...
CVE-2022-24601
Luocms v2.0 is affected by a SQL Injection vulnerability in /admin/manager/admin_mod.php due to lack of validation/ sanitization of external input in SQL statements. An attacker could obtain sensitive database data. This CVE (CVE-2022-24601) is documented across multiple feeds (NVD, CNVD, Red Hat...
CVE-2022-24602
CVE-2022-24602 affects Luocms v2.0. A SQL injection vulnerability exists in the admin module file /admin/news/news_mod.php due to lack of validation of external input in SQL statements, enabling an attacker to execute arbitrary SQL commands and potentially steal sensitive database data. The incid...
CVE-2022-24604
Luocms v2.0 contains a SQL injection in /admin/link/link_mod.php due to a lack of validation of external input, enabling potentially arbitrary SQL execution and access to sensitive data (per CNVD/Red Hat entries). The CVE is characterized with a CRITICAL impact (CVSSv3.1 9.8; v2.0 score 7.5). No ...
CVE-2022-24606
CVE-2022-24606 affects Luocms v2.0 with a SQL injection in the /admin/news/sort_ok.php endpoint. The root cause is lack of validation for external input SQL statements, enabling an attacker to execute arbitrary SQL against the database and potentially exfiltrate data. Several connected sources (N...