Ftcms

ftcms

8 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-2133 1Ftcms 1Ftcms Jun 17, 2026 Mar 10, 2025 4.8 MEDIUM· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross s...Show more A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-2132 1Ftcms 1Ftcms Jun 17, 2026 Mar 9, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to...Show more A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2022-37731 1Ftcms 1Ftcms Jun 17, 2026 Sep 7, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing.
CVE-2022-37730 1Ftcms 1Ftcms Jun 17, 2026 Sep 7, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and se...Show more In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge.Show less
CVE-2022-30063 1Ftcms 1Ftcms Jun 17, 2026 May 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ftcms <=2.1 was discovered to be vulnerable to code execution attacks .
CVE-2022-30062 1Ftcms 1Ftcms Jun 17, 2026 May 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php
CVE-2022-30061 1Ftcms 1Ftcms Jun 17, 2026 May 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.
CVE-2022-30060 1Ftcms 1Ftcms Jun 17, 2026 May 11, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php