Lucene search
K
Luocms ProjectLuocms

10 matches found

CVE
CVE
added 2022/03/09 1:17 p.m.107 views

CVE-2022-24608

CVE-2022-24608 affects Luocms v2.0 with Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. The root cause is lack of input validation/filtering and unsafe output of user-supplied data, enabling an attacker to inject JavaScript code that could be executed in the client b...

6.1CVSS6AI score0.00665EPSS
CVE
CVE
added 2022/03/09 11:55 a.m.86 views

CVE-2022-24600

CVE-2022-24600 : Luocms v2.0 is affected by a SQL Injection vulnerability in the /admin/login.php endpoint that allows an attacker to log in to the backend through crafted SQL statements. This is the core issue described across multiple sources (CNVD/CNNVD/NVD. Red Hat and other feeds reiterate t...

9.8CVSS9.9AI score0.01285EPSS
Web
CVE
CVE
added 2022/03/09 1:32 p.m.84 views

CVE-2022-24609

CVE-2022-24609 affects Luocms v2.0. The vulnerability is an incorrect access-control flaw that allows an unauthenticated or minimally privileged attacker to write an arbitrary shell file through /admin/templates/template_manage.php. Several connected records describe the root cause as insufficien...

10CVSS9.5AI score0.01526EPSS
CVE
CVE
added 2022/03/09 1:8 p.m.82 views

CVE-2022-24607

CVE-2022-24607 affects Luocms v2.0 with a SQL Injection vulnerability in /admin/news/news_ok.php. The root cause is lack of validation for external input SQL statements, enabling potential unauthorized data access. Connected records (CNVD/RedHat/CNNVD/etc.) corroborate the same description withou...

9.8CVSS9.9AI score0.01137EPSS
CVE
CVE
added 2022/03/09 12:29 p.m.80 views

CVE-2022-24603

Luocms v2.0 (article management system) is affected by an SQL injection in /admin/news/sort_mod.php. The root cause is lack of input validation/execution of untrusted SQL statements in that endpoint, enabling attackers to run arbitrary SQL commands and potentially access or exfiltrate sensitive d...

9.8CVSS9.9AI score0.01137EPSS
CVE
CVE
added 2022/03/09 12:49 p.m.80 views

CVE-2022-24605

CVE-2022-24605 applies to Luocms v2.0, with a SQL injection in /admin/link/link_ok.php. The root cause is lack of validation of external input SQL statements, enabling an attacker to alter or retrieve database data. Documents from CNVD/CNNVD and Red Hat and CVE records confirm the existence of a ...

9.8CVSS9.9AI score0.01137EPSS
CVE
CVE
added 2022/03/09 12:13 p.m.79 views

CVE-2022-24601

Luocms v2.0 is affected by a SQL Injection vulnerability in /admin/manager/admin_mod.php due to lack of validation/ sanitization of external input in SQL statements. An attacker could obtain sensitive database data. This CVE (CVE-2022-24601) is documented across multiple feeds (NVD, CNVD, Red Hat...

7.5CVSS7.8AI score0.01146EPSS
CVE
CVE
added 2022/03/09 12:19 p.m.77 views

CVE-2022-24602

CVE-2022-24602 affects Luocms v2.0. A SQL injection vulnerability exists in the admin module file /admin/news/news_mod.php due to lack of validation of external input in SQL statements, enabling an attacker to execute arbitrary SQL commands and potentially steal sensitive database data. The incid...

9.8CVSS9.9AI score0.01137EPSS
CVE
CVE
added 2022/03/09 12:39 p.m.77 views

CVE-2022-24604

Luocms v2.0 contains a SQL injection in /admin/link/link_mod.php due to a lack of validation of external input, enabling potentially arbitrary SQL execution and access to sensitive data (per CNVD/Red Hat entries). The CVE is characterized with a CRITICAL impact (CVSSv3.1 9.8; v2.0 score 7.5). No ...

9.8CVSS9.9AI score0.01137EPSS
CVE
CVE
added 2022/03/09 1:0 p.m.77 views

CVE-2022-24606

CVE-2022-24606 affects Luocms v2.0 with a SQL injection in the /admin/news/sort_ok.php endpoint. The root cause is lack of validation for external input SQL statements, enabling an attacker to execute arbitrary SQL against the database and potentially exfiltrate data. Several connected sources (N...

9.8CVSS9.9AI score0.01137EPSS