← Back

Nc Cms

nc-cms

Vendor: Nconsulting • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-7721
1Nconsulting
1Nc Cms
Jun 17, 2026
Feb 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.
CVE-2018-18874
1Nconsulting
1Nc Cms
Nov 21, 2024
Oct 31, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manag...Show more
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.Show less
CVE-2018-18361
1Nconsulting
1Nc Cms
Nov 21, 2024
Oct 15, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG...Show more
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.Show less
CVE-2018-18290
1Nconsulting
1Nc Cms
Nov 21, 2024
Oct 14, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges,...Show more
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionalityShow less