Luocms Project

luocms_project

10 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24609 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.
CVE-2022-24608 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.
CVE-2022-24607 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.
CVE-2022-24606 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.
CVE-2022-24605 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.
CVE-2022-24604 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.
CVE-2022-24603 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.
CVE-2022-24602 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.
CVE-2022-24601 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.
CVE-2022-24600 1Luocms Project 1Luocms Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.