4 matches found
CVE-2019-7721
CVE-2019-7721 affects nc-cms 3.5. The vulnerability is in lib/NCCms.class.php where uploading a ".php" file is possible via the index.php?action=save name and editordata parameters. The connected Red Hat/NVD entries corroborate the file upload issue and the associated impact (integrity concerns)....
CVE-2018-18290
CVE-2018-18290 concerns nc-cms where an XSS vulnerability exists in the index.php?action=edit_html&name=home_content endpoint, exploitable via the HTML Source Editor. Affected software: nc-cms (through 2017-03-10). Root cause: input of JavaScript via the HTML Source Editor in that URI, with vendo...
CVE-2018-18361
nc-cms (through 2017-03-10) contains a cross-site scripting (XSS) vulnerability in index.php?action=edit_html where the name parameter can inject arbitrary script/HTML via an IMG SRC attribute. This has been documented in CNVD-2018-21238 and related CVE-2018-18361 records, with exploit details in...
CVE-2018-18874
CVE-2018-18874 affects nc-cms up to 2017-03-10. Remote attackers can execute arbitrary PHP code via the Upload File or Image feature when uploading a file named *.php with Content-Type: application/octet-stream to index.php?action=file_manager_upload. The vulnerability description does not specif...