74cmsse

Vendor: 74cms • 19 CVEs

CVEs (19)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-42154 174cms 174cmsse May 14, 2025 Oct 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41472 174cms 174cmsse May 14, 2025 Oct 17, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payl...Show more 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.Show less
CVE-2022-41471 174cms 174cmsse May 14, 2025 Oct 17, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
CVE-2022-33097 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.
CVE-2022-33096 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index.
CVE-2022-33095 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2022-33094 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.
CVE-2022-33093 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list.
CVE-2022-33092 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index.
CVE-2022-32131 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show.
CVE-2022-32130 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature.
CVE-2022-32129 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade.
CVE-2022-32128 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im.
CVE-2022-32127 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total.
CVE-2022-32126 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.
CVE-2022-32125 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
CVE-2022-32124 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.
CVE-2022-29721 174cms 174cmsse Nov 21, 2024 May 26, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2022-29720 174cms 174cmsse Nov 21, 2024 May 26, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.