Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cscms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-11527
An issue exists in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote malicious users to change the administrator's username and password via /admin.php/sys/editpass_save.
Cscms Project Cscms 4.1
6.5
CVSSv3
CVE-2019-9598
An issue exists in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
Chshcms Cscms 4.1
9.8
CVSSv3
CVE-2020-28102
cscms v4.1 allows for SQL injection via the "js_del" function.
Chshcms Cscms 4.1
9.8
CVSSv3
CVE-2020-28103
cscms v4.1 allows for SQL injection via the "page_del" function.
Chshcms Cscms 4.1
6.1
CVSSv3
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
Chshcms Cscms 4.1
9.8
CVSSv3
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
Chshcms Cscms 4.1
8.8
CVSSv3
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
Chshcms Cscms 4.1
7.2
CVSSv3
CVE-2022-27368
Cscms Music Portal System v4.2 exists to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
Chshcms Cscms 4.2
6.5
CVSSv3
CVE-2022-30898
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote malicious users to change the administrator's username and password.
Chshcms Cscms 4.2
8.8
CVSSv3
CVE-2022-28552
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.
Chshcms Cscms 4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »