5 matches found
CVE-2022-27442
The CVE-2022-27442 entry concerns TPCMS v3.2, where attackers can access the ThinkPHP log directory and obtain sensitive information such as the administrator’s username and password. The available connected documents confirm the affected software (TPCMS v3.2), the vulnerable component (ThinkPHP ...
CVE-2022-27441
TPCMS v3.2 is affected by a stored XSS vulnerability. The issue arises from lack of proper validation of client-side data, allowing attackers to inject crafted payloads via the Phone text box to execute arbitrary web scripts/HTML. The CVE-2022-27441 description consistently states this is a store...
CVE-2022-29624
TPCMS v3.2 contains an arbitrary file upload vulnerability in the Add File function that can allow an attacker to execute arbitrary PHP code via a crafted file. The issue stems from insufficient validation of uploaded files, enabling remote code execution. Affected product: TPCMS 3.2 (open‑source...
CVE-2021-36545
The CVE-2021-36545 entry refers to a Cross-Site Scripting (XSS) vulnerability in tpcms version 3.2 where the cfg_copyright and cfg_tel fields in the Site Configuration page can be exploited to run arbitrary code remotely. Affected software: tpcms 3.2; vulnerable component: Site Configuration inpu...
CVE-2021-36544
CVE-2021-36544 describes an access-control vulnerability in tpcms 3.2 where remote attackers can view sensitive information by manipulating the URL path. Multiple connected documents (NVD, Red Hat, CNVD, CNVD-derived references, and related catalogs) consistently identify it as an improper access...