Vulmon
maccms maccms 10.0 vulnerabilities and exploits
6.5
CVSSv2
CVE-2019-9829
Maccms 10 allows remote malicious users to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
Maccms Maccms 10.0
7.5
CVSSv2
CVE-2021-45786
In maccms v10, an attacker can log in through /index.php/user/login via the "col" and "openid" parameters to gain privileges.
Maccms Maccms 10.0
4.9
CVSSv2
CVE-2020-20514
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated malicious users to delete all users.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2020-21387
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows malicious users to obtain the administrator cookie and escalate privileges via a crafted payload.
Maccms Maccms 10.0
3.5
CVSSv2
CVE-2020-21434
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
Maccms Maccms 10.0
NA
CVE-2022-44870
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
Maccms Maccms 10.0
2 Github repositories
4.3
CVSSv2
CVE-2022-26573
Maccms v10 contains multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
Maccms Maccms 10.0
NA
CVE-2022-35148
maccms10 v2021.1000.1081 to v2022.1000.3031 contains a SQL injection vulnerability via the table parameter at database/columns.html.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2022-27884
Maccms v10 contains a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
Maccms Maccms 10.0
4.3
CVSSv2
CVE-2022-27886
Maccms v10 contains a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
Maccms Maccms 10.0