Lucene search
K
Tpcms ProjectTpcms

5 matches found

CVE
CVE
added 2022/04/04 9:1 p.m.91 views

CVE-2022-27442

The CVE-2022-27442 entry concerns TPCMS v3.2, where attackers can access the ThinkPHP log directory and obtain sensitive information such as the administrator’s username and password. The available connected documents confirm the affected software (TPCMS v3.2), the vulnerable component (ThinkPHP ...

7.5CVSS7.3AI score0.00977EPSS
CVE
CVE
added 2022/04/04 9:1 p.m.67 views

CVE-2022-27441

TPCMS v3.2 is affected by a stored XSS vulnerability. The issue arises from lack of proper validation of client-side data, allowing attackers to inject crafted payloads via the Phone text box to execute arbitrary web scripts/HTML. The CVE-2022-27441 description consistently states this is a store...

4.8CVSS4.9AI score0.00435EPSS
CVE
CVE
added 2022/05/31 9:0 p.m.56 views

CVE-2022-29624

TPCMS v3.2 contains an arbitrary file upload vulnerability in the Add File function that can allow an attacker to execute arbitrary PHP code via a crafted file. The issue stems from insufficient validation of uploaded files, enabling remote code execution. Affected product: TPCMS 3.2 (open‑source...

8.8CVSS8.8AI score0.01199EPSS
CVE
CVE
added 2023/02/03 12:0 a.m.48 views

CVE-2021-36545

The CVE-2021-36545 entry refers to a Cross-Site Scripting (XSS) vulnerability in tpcms version 3.2 where the cfg_copyright and cfg_tel fields in the Site Configuration page can be exploited to run arbitrary code remotely. Affected software: tpcms 3.2; vulnerable component: Site Configuration inpu...

5.4CVSS5.4AI score0.00506EPSS
CVE
CVE
added 2023/02/03 12:0 a.m.46 views

CVE-2021-36544

CVE-2021-36544 describes an access-control vulnerability in tpcms 3.2 where remote attackers can view sensitive information by manipulating the URL path. Multiple connected documents (NVD, Red Hat, CNVD, CNVD-derived references, and related catalogs) consistently identify it as an improper access...

7.5CVSS7.3AI score0.00923EPSS