74cms

Vendor: 74cms • 17 CVEs

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-4329 174cms 174cms Jun 12, 2025 May 6, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to p...Show more A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-46089 174cms 174cms May 28, 2025 Apr 18, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
CVE-2024-2561 174cms 174cms Mar 5, 2025 Mar 17, 2024 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company...Show more A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.Show less
CVE-2022-26271 174cms 174cms Nov 21, 2024 Mar 28, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.
CVE-2020-22421 174cms 174cms Nov 21, 2024 Dec 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key.
CVE-2020-22212 174cms 174cms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.
CVE-2020-22211 174cms 174cms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
CVE-2020-22210 174cms 174cms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
CVE-2020-22209 174cms 174cms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
CVE-2020-22208 174cms 174cms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
CVE-2020-35339 174cms 174cms Nov 21, 2024 Feb 17, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and cont...Show more In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.Show less
CVE-2020-29279 174cms 174cms Nov 21, 2024 Dec 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2019-17612 174cms 174cms Nov 21, 2024 Oct 15, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
CVE-2019-11374 174cms 174cms Nov 21, 2024 Apr 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-10684 174cms 174cms Nov 21, 2024 Apr 1, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter.
CVE-2018-20519 174cms 174cms Nov 21, 2024 Dec 27, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid pa...Show more An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.Show less
CVE-2018-20454 174cms 174cms Nov 21, 2024 Dec 25, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.