Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chshcms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-29660
CSCMS Music Portal System v4.2 exists to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.
Chshcms Cscms Music Portal System 4.2
7.5
CVSSv2
CVE-2020-28103
cscms v4.1 allows for SQL injection via the "page_del" function.
Chshcms Cscms 4.1
7.5
CVSSv2
CVE-2020-28102
cscms v4.1 allows for SQL injection via the "js_del" function.
Chshcms Cscms 4.1
7.5
CVSSv2
CVE-2020-22848
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows malicious users to execute arbitrary commands.
Chshcms Cscms 4.1
7.5
CVSSv2
CVE-2018-17126
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
Chshcms Cscms 4.1
7.5
CVSSv2
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
Chshcms Cscms 4.1
6.8
CVSSv2
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
Chshcms Cscms 4.1
6.8
CVSSv2
CVE-2018-16448
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
Chshcms Cscms 4.0
6.5
CVSSv2
CVE-2022-29663
CSCMS Music Portal System v4.2 exists to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.
Chshcms Cscms Music Portal System 4.2
6.5
CVSSv2
CVE-2022-29688
CSCMS Music Portal System v4.2 exists to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.
Chshcms Cscms Music Portal System 4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »