Vulnerabilities (CVE)

Filtered by vendor Chshcms Subscribe
Filtered by product Cscms
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28103 1 Chshcms 1 Cscms 2022-01-14 7.5 HIGH 9.8 CRITICAL
cscms v4.1 allows for SQL injection via the "page_del" function.
CVE-2020-28102 1 Chshcms 1 Cscms 2022-01-14 7.5 HIGH 9.8 CRITICAL
cscms v4.1 allows for SQL injection via the "js_del" function.
CVE-2020-21238 1 Chshcms 1 Cscms 2022-01-10 5.0 MEDIUM 9.8 CRITICAL
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
CVE-2020-22848 1 Chshcms 1 Cscms 2021-09-07 7.5 HIGH 9.8 CRITICAL
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
CVE-2019-9598 1 Chshcms 1 Cscms 2019-03-08 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
CVE-2019-6779 1 Chshcms 1 Cscms 2019-01-25 5.8 MEDIUM 8.1 HIGH
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
CVE-2018-17126 1 Chshcms 1 Cscms 2018-11-19 7.5 HIGH 9.8 CRITICAL
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
CVE-2018-17125 1 Chshcms 1 Cscms 2018-11-19 6.4 MEDIUM 7.5 HIGH
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
CVE-2018-16731 1 Chshcms 1 Cscms 2018-10-30 7.5 HIGH 9.8 CRITICAL
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
CVE-2018-16337 1 Chshcms 1 Cscms 2018-10-25 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
CVE-2018-16448 1 Chshcms 1 Cscms 2018-10-25 6.8 MEDIUM 8.8 HIGH
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
CVE-2018-16732 1 Chshcms 1 Cscms 2018-10-19 6.8 MEDIUM 8.8 HIGH
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
CVE-2018-16730 1 Chshcms 1 Cscms 2018-10-19 4.3 MEDIUM 6.1 MEDIUM
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.