Dscms
Monthly
A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.