74cms

36 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (36)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-4329 174cms 174cms Jun 12, 2025 May 6, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to p...Show more A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-46089 174cms 174cms May 28, 2025 Apr 18, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
CVE-2024-2561 174cms 174cms Mar 5, 2025 Mar 17, 2024 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company...Show more A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.Show less
CVE-2022-42154 174cms 174cmsse May 14, 2025 Oct 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41472 174cms 174cmsse May 14, 2025 Oct 17, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payl...Show more 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.Show less
CVE-2022-41471 174cms 174cmsse May 14, 2025 Oct 17, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
CVE-2022-33097 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.
CVE-2022-33096 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index.
CVE-2022-33095 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2022-33094 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.
CVE-2022-33093 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list.
CVE-2022-33092 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index.
CVE-2022-32131 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show.
CVE-2022-32130 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature.
CVE-2022-32129 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade.
CVE-2022-32128 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im.
CVE-2022-32127 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total.
CVE-2022-32126 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.
CVE-2022-32125 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
CVE-2022-32124 174cms 174cmsse Nov 21, 2024 Jun 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.

12 Next