Skip to main content

Cscms

18 CVEs product

Monthly

CVE-2022-30898 MEDIUM POC This Month

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-28552 HIGH POC This Week

Cscms 4.1 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-27369 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-27368 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27367 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27366 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27365 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-27090 MEDIUM POC This Month

Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cscms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2019-9598 MEDIUM POC This Month

An issue was discovered in Cscms 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Cscms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-6779 HIGH POC This Week

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Cscms
NVD GitHub
CVSS 3.0
8.1
EPSS
0.5%
CVE-2018-17126 CRITICAL POC Act Now

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cscms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17125 HIGH POC This Week

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Cscms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-16732 HIGH This Week

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16731 CRITICAL POC Act Now

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cscms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-16730 MEDIUM This Month

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Cscms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16448 HIGH POC This Week

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16337 MEDIUM POC This Month

An issue was discovered in Cscms V4.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-11527 HIGH POC This Week

An issue was discovered in CScms v4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cscms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Cscms 4.1 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cscms
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Cscms 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Cscms
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC This Week

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Cscms
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Cscms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Cscms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cscms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Cscms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Cscms V4.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in CScms v4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy