71cms

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-25187 1Xiaocheng Keji 171cms Jun 10, 2025 Apr 2, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
CVE-2024-25166 1Xiaocheng Keji 171cms May 23, 2025 Feb 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.