Beescms

beescms

Vendor: Beescms • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-31011 1Beescms 1Beescms Aug 21, 2025 Apr 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.
CVE-2020-22334 1Beescms 1Beescms Jan 29, 2025 May 8, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.
CVE-2020-23572 1Beescms 1Beescms Nov 21, 2024 Nov 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
CVE-2019-8347 1Beescms 1Beescms Jun 17, 2026 Feb 15, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
CVE-2018-12739 1Beescms 1Beescms Nov 21, 2024 Jul 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
CVE-2018-10266 1Beescms 1Beescms Nov 21, 2024 Apr 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.