Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laobancms laobancms 2.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-18166
Unrestricted File Upload in LAOBANCMS v2.0 allows remote malicious users to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
Laobancms Laobancms 2.0
3.5
CVSSv2
CVE-2020-18167
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote malicious users to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
Laobancms Laobancms 2.0
3.5
CVSSv2
CVE-2020-18165
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote malicious users to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
Laobancms Laobancms 2.0
7.5
CVSSv2
CVE-2018-19328
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
Laobancms Laobancms 2.0
7.5
CVSSv2
CVE-2018-19220
An issue exists in LAOBANCMS 2.0. It allows remote malicious users to execute arbitrary PHP code via the host parameter to the install/ URI.
Laobancms Laobancms 2.0
3.5
CVSSv2
CVE-2018-19223
An issue exists in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
Laobancms Laobancms 2.0
5
CVSSv2
CVE-2018-19224
An issue exists in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
Laobancms Laobancms 2.0
6.8
CVSSv2
CVE-2018-19225
An issue exists in LAOBANCMS 2.0. admin/mima.php has CSRF.
Laobancms Laobancms 2.0
5
CVSSv2
CVE-2018-19226
An issue exists in LAOBANCMS 2.0. It allows remote malicious users to list .txt files via a direct request for the /data/0/admin.txt URI.
Laobancms Laobancms 2.0
3.5
CVSSv2
CVE-2018-19227
An issue exists in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
Laobancms Laobancms 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »