Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chshcms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched re...
Chshcms Mccms
8.8
CVSSv3
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remote...
Chshcms Mccms
8.8
CVSSv3
CVE-2022-28552
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.
Chshcms Cscms 4.1
8.8
CVSSv3
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
Chshcms Cscms 4.1
6.1
CVSSv3
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
Chshcms Cscms 4.1
9.8
CVSSv3
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
Chshcms Cscms 4.1
8.1
CVSSv3
CVE-2019-6779
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
Chshcms Cscms 4.1.8
6.5
CVSSv3
CVE-2023-26782
An issue discovered in mccms 2.6.1 allows remote malicious users to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.
Chshcms Mccms 2.6.1
6.5
CVSSv3
CVE-2022-30898
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote malicious users to change the administrator's username and password.
Chshcms Cscms 4.2
6.5
CVSSv3
CVE-2018-16337
An issue exists in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
Chshcms Cscms 4.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »