Vulmon
maccms maccms vulnerabilities and exploits
VMScore: 383
CVE-2018-19465
Maccms up to and including 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
Maccms Maccms
VMScore: 383
CVE-2019-8410
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
Maccms Maccms
VMScore: 685
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
VMScore: 668
CVE-2017-17733
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.
Maccms Maccms 8.0
VMScore: 668
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification and execute arbitrary code by adding a character to the end of the uploaded file's name.
Maccms Maccms 10.0
VMScore: 312
CVE-2020-21362
A cross-site scripting (XSS) vulnerability in the background search function of Maccms10 allows malicious users to execute arbitrary web scripts or HTML via the 'wd' parameter.
Maccms Maccms 10.0
VMScore: 490
CVE-2020-21363
An arbitrary file deletion vulnerability exists within Maccms10.
Maccms Maccms 10.0
VMScore: 578
CVE-2019-9829
Maccms 10 allows remote malicious users to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
Maccms Maccms 10.0
VMScore: 383
CVE-2020-21387
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows malicious users to obtain the administrator cookie and escalate privileges via a crafted payload.
Maccms Maccms 10.0
VMScore: 383
CVE-2020-21081
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
Maccms Maccms 8.0