Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chshcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched re...
Chshcms Mccms
NA
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remote...
Chshcms Mccms
6.4
CVSSv2
CVE-2018-17125
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
Chshcms Cscms 4.1
7.5
CVSSv2
CVE-2020-22848
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows malicious users to execute arbitrary commands.
Chshcms Cscms 4.1
7.5
CVSSv2
CVE-2020-28103
cscms v4.1 allows for SQL injection via the "page_del" function.
Chshcms Cscms 4.1
5
CVSSv2
CVE-2020-21238
An issue in the user login box of CSCMS v4.0 allows malicious users to hijack user accounts via brute force attacks.
Chshcms Cscms 4.0
4.3
CVSSv2
CVE-2022-30898
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote malicious users to change the administrator's username and password.
Chshcms Cscms 4.2
6.5
CVSSv2
CVE-2022-27365
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Dance.php_del.
Chshcms Cscms 4.2
6.5
CVSSv2
CVE-2022-27366
Cscms Music Portal System v4.2 exists to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
Chshcms Cscms 4.2
6.5
CVSSv2
CVE-2022-27367
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Topic.php_del.
Chshcms Cscms 4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »