Cscms

cscms

Vendor: Chshcms • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-30898 1Chshcms 1Cscms Nov 21, 2024 Jun 9, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.
CVE-2022-28552 1Chshcms 1Cscms Nov 21, 2024 May 4, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.
CVE-2022-27369 1Chshcms 1Cscms Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.
CVE-2022-27368 1Chshcms 1Cscms Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
CVE-2022-27367 1Chshcms 1Cscms Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.
CVE-2022-27366 1Chshcms 1Cscms Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
CVE-2022-27365 1Chshcms 1Cscms Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.
CVE-2022-27090 1Chshcms 1Cscms Nov 21, 2024 Mar 21, 2022 N/A· v4 5.4 MEDIUM· v3 4.9 MEDIUM· v2 Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
CVE-2020-28103 1Chshcms 1Cscms Nov 21, 2024 Jan 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 cscms v4.1 allows for SQL injection via the "page_del" function.
CVE-2020-28102 1Chshcms 1Cscms Nov 21, 2024 Jan 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 cscms v4.1 allows for SQL injection via the "js_del" function.
CVE-2020-21238 1Chshcms 1Cscms Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
CVE-2020-22848 1Chshcms 1Cscms Nov 21, 2024 Aug 30, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
CVE-2019-9598 1Chshcms 1Cscms Nov 21, 2024 Mar 7, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
CVE-2019-6779 1Chshcms 1Cscms Nov 21, 2024 Jan 24, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
CVE-2018-17126 1Chshcms 1Cscms Nov 21, 2024 Sep 17, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
CVE-2018-17125 1Chshcms 1Cscms Nov 21, 2024 Sep 17, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
CVE-2018-16732 1Chshcms 1Cscms Nov 21, 2024 Sep 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
CVE-2018-16731 1Chshcms 1Cscms Nov 21, 2024 Sep 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
CVE-2018-16730 1Chshcms 1Cscms Nov 21, 2024 Sep 8, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
CVE-2018-16448 1Chshcms 1Cscms Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web edit...Show more Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.Show less

12 Next