Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chshcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched re...
Chshcms Mccms
NA
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remote...
Chshcms Mccms
383
VMScore
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
Chshcms Cscms 4.1
605
VMScore
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
Chshcms Cscms 4.1
578
VMScore
CVE-2022-27365
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Dance.php_del.
Chshcms Cscms 4.2
578
VMScore
CVE-2022-27366
Cscms Music Portal System v4.2 exists to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
Chshcms Cscms 4.2
578
VMScore
CVE-2022-27367
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Topic.php_del.
Chshcms Cscms 4.2
578
VMScore
CVE-2022-27368
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
Chshcms Cscms 4.2
578
VMScore
CVE-2022-27369
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component news_News.php_hy.
Chshcms Cscms 4.2
NA
CVE-2023-5029
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the publi...
Chshcms Mccms 2.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »