Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laobancms laobancms 2.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-18166
Unrestricted File Upload in LAOBANCMS v2.0 allows remote malicious users to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
Laobancms Laobancms 2.0
4.8
CVSSv3
CVE-2020-18167
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote malicious users to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
Laobancms Laobancms 2.0
4.8
CVSSv3
CVE-2020-18165
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote malicious users to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
Laobancms Laobancms 2.0
9.8
CVSSv3
CVE-2018-19328
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
Laobancms Laobancms 2.0
9.8
CVSSv3
CVE-2018-19220
An issue exists in LAOBANCMS 2.0. It allows remote malicious users to execute arbitrary PHP code via the host parameter to the install/ URI.
Laobancms Laobancms 2.0
9.8
CVSSv3
CVE-2018-19222
An issue exists in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
Laobancms Laobancms 2.0
8.8
CVSSv3
CVE-2018-19225
An issue exists in LAOBANCMS 2.0. admin/mima.php has CSRF.
Laobancms Laobancms 2.0
5.4
CVSSv3
CVE-2018-19227
An issue exists in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
Laobancms Laobancms 2.0
5.4
CVSSv3
CVE-2018-19229
An issue exists in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
Laobancms Laobancms 2.0
9.8
CVSSv3
CVE-2018-19221
An issue exists in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
Laobancms Laobancms 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »