Lucene search
K
NconsultingNc-cms

4 matches found

CVE
CVE
added 2019/02/11 3:0 a.m.50 views

CVE-2019-7721

CVE-2019-7721 affects nc-cms 3.5. The vulnerability is in lib/NCCms.class.php where uploading a ".php" file is possible via the index.php?action=save name and editordata parameters. The connected Red Hat/NVD entries corroborate the file upload issue and the associated impact (integrity concerns)....

7.5CVSS7.5AI score0.01184EPSS
Web
CVE
CVE
added 2018/10/14 9:0 p.m.46 views

CVE-2018-18290

CVE-2018-18290 concerns nc-cms where an XSS vulnerability exists in the index.php?action=edit_html&name=home_content endpoint, exploitable via the HTML Source Editor. Affected software: nc-cms (through 2017-03-10). Root cause: input of JavaScript via the HTML Source Editor in that URI, with vendo...

4.8CVSS4.8AI score0.00621EPSS
CVE
CVE
added 2018/10/15 3:0 p.m.42 views

CVE-2018-18361

nc-cms (through 2017-03-10) contains a cross-site scripting (XSS) vulnerability in index.php?action=edit_html where the name parameter can inject arbitrary script/HTML via an IMG SRC attribute. This has been documented in CNVD-2018-21238 and related CVE-2018-18361 records, with exploit details in...

6.1CVSS5.9AI score0.00802EPSS
CVE
CVE
added 2018/10/31 4:0 p.m.41 views

CVE-2018-18874

CVE-2018-18874 affects nc-cms up to 2017-03-10. Remote attackers can execute arbitrary PHP code via the Upload File or Image feature when uploading a file named *.php with Content-Type: application/octet-stream to index.php?action=file_manager_upload. The vulnerability description does not specif...

9.8CVSS9.7AI score0.02062EPSS
Web