Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laobancms laobancms 2.0 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-18166
Unrestricted File Upload in LAOBANCMS v2.0 allows remote malicious users to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
Laobancms Laobancms 2.0
312
VMScore
CVE-2020-18167
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote malicious users to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
Laobancms Laobancms 2.0
312
VMScore
CVE-2020-18165
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote malicious users to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
Laobancms Laobancms 2.0
668
VMScore
CVE-2018-19328
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
Laobancms Laobancms 2.0
668
VMScore
CVE-2018-19220
An issue exists in LAOBANCMS 2.0. It allows remote malicious users to execute arbitrary PHP code via the host parameter to the install/ URI.
Laobancms Laobancms 2.0
668
VMScore
CVE-2018-19221
An issue exists in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
Laobancms Laobancms 2.0
668
VMScore
CVE-2018-19222
An issue exists in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
Laobancms Laobancms 2.0
312
VMScore
CVE-2018-19223
An issue exists in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
Laobancms Laobancms 2.0
445
VMScore
CVE-2018-19224
An issue exists in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
Laobancms Laobancms 2.0
605
VMScore
CVE-2018-19225
An issue exists in LAOBANCMS 2.0. admin/mima.php has CSRF.
Laobancms Laobancms 2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »