Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chshcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched re...
Chshcms Mccms
NA
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remote...
Chshcms Mccms
NA
CVE-2023-26782
An issue discovered in mccms 2.6.1 allows remote malicious users to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.
Chshcms Mccms 2.6.1
445
VMScore
CVE-2020-21238
An issue in the user login box of CSCMS v4.0 allows malicious users to hijack user accounts via brute force attacks.
Chshcms Cscms 4.0
383
VMScore
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
Chshcms Cscms 4.1
605
VMScore
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
Chshcms Cscms 4.1
570
VMScore
CVE-2018-17125
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
Chshcms Cscms 4.1
383
VMScore
CVE-2022-30898
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote malicious users to change the administrator's username and password.
Chshcms Cscms 4.2
578
VMScore
CVE-2022-27368
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
Chshcms Cscms 4.2
NA
CVE-2023-26781
SQL injection vulnerability in mccms 2.6 allows remote malicious users to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.
Chshcms Mccms 2.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »