Skip to main content

71Cms

2 CVEs product

Monthly

CVE-2024-25187 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF 71Cms
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-25166 MEDIUM This Month

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS 71Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
EPSS 1% CVSS 8.6
HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF 71Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy