48 Total Results
Displaying 41-48 of 48
Attacker Value
Unknown

CVE-2019-6779

Disclosure Date: January 24, 2019 (last updated November 27, 2024)
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
Attacker Value
Unknown

CVE-2018-17126

Disclosure Date: September 17, 2018 (last updated November 27, 2024)
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
Attacker Value
Unknown

CVE-2018-17125

Disclosure Date: September 17, 2018 (last updated November 27, 2024)
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
Attacker Value
Unknown

CVE-2018-16731

Disclosure Date: September 08, 2018 (last updated November 27, 2024)
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
Attacker Value
Unknown

CVE-2018-16730

Disclosure Date: September 08, 2018 (last updated November 27, 2024)
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
Attacker Value
Unknown

CVE-2018-16732

Disclosure Date: September 08, 2018 (last updated November 27, 2024)
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
Attacker Value
Unknown

CVE-2018-16448

Disclosure Date: September 04, 2018 (last updated November 27, 2024)
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
Attacker Value
Unknown

CVE-2018-16337

Disclosure Date: September 02, 2018 (last updated November 27, 2024)
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.