8cms

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-20735 18cms 1Ljcms Jun 17, 2026 Jun 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
CVE-2020-21237 18cms 1Ljcms Jun 17, 2026 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
CVE-2020-20979 18cms 1Ljcms Jun 17, 2026 Aug 12, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
CVE-2020-20583 18cms 1Ljcms Jun 17, 2026 Jul 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.