Show filters
48 Total Results
Displaying 31-40 of 48
Sort by:
Attacker Value
Unknown

CVE-2022-27368

Disclosure Date: April 15, 2022 (last updated February 23, 2025)
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-27367

Disclosure Date: April 15, 2022 (last updated February 23, 2025)
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-27366

Disclosure Date: April 15, 2022 (last updated February 23, 2025)
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-27365

Disclosure Date: April 15, 2022 (last updated February 23, 2025)
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-27090

Disclosure Date: March 21, 2022 (last updated February 23, 2025)
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-28103

Disclosure Date: January 11, 2022 (last updated February 23, 2025)
cscms v4.1 allows for SQL injection via the "page_del" function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-28102

Disclosure Date: January 11, 2022 (last updated February 23, 2025)
cscms v4.1 allows for SQL injection via the "js_del" function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-21238

Disclosure Date: December 27, 2021 (last updated February 23, 2025)
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-22848

Disclosure Date: August 30, 2021 (last updated November 29, 2024)
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-9598

Disclosure Date: March 07, 2019 (last updated November 27, 2024)
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
0
0
View More Topics  < Previous  Next >