5 matches found
CVE-2021-31280
CVE-2021-31280 affects tp5cms through 2017-05-25. The issue is a cross-site scripting (XSS) vulnerability in admin.php/system/set.html, exploitable via the keywords parameter. The related Red Hat/NVD/EU references corroborate an XSS in tp5cms with the same endpoint and parameter. CVSS ...
CVE-2018-19693
tp5cms (a PHP-based CMS framework) contains a cross-site scripting vulnerability in admin.php/system/set.html through the title parameter, present in tp5cms up to 2017-05-25. A remote attacker can inject arbitrary scripts/HTML via the title field. The CNVD entry for CNVD-2018-26479 explicitly des...
CVE-2018-19692
CVE-2018-19692 affects tp5cms (through 2017-05-25). The vulnerability is in admin.php/upload/picture.html, where uploading a .php file with image/jpeg content type allows remote code execution. Public sources describe tp5cms as a PHP-based CMS framework; CNVD notes vulnerability in 2017-05-25 and...
CVE-2018-15568
CVE-2018-15568 affects tp5cms (ThinkPHP-based CMS) through 2017-05-25. It is a Cross-Site Request Forgery (CSRF) vulnerability exposed via the admin.php/category/delete.html page. The vulnerability allows CSRF to cause deletion actions (notably “type items”) when an attacker entices an a...
CVE-2018-15566
CVE-2018-15566 affects tp5cms through 2017-05-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the q parameter in admin.php/article/index.html, enabling injection of arbitrary script/HTML. The affected component is tp5cms’s admin article listing functionality; root ca...