Vulnerabilities (CVE)

Filtered by vendor Chshcms Subscribe

Filtered by product Cscms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-28103	1 Chshcms	1 Cscms	2022-01-14	7.5 HIGH	9.8 CRITICAL
cscms v4.1 allows for SQL injection via the "page_del" function.
CVE-2020-28102	1 Chshcms	1 Cscms	2022-01-14	7.5 HIGH	9.8 CRITICAL
cscms v4.1 allows for SQL injection via the "js_del" function.
CVE-2020-21238	1 Chshcms	1 Cscms	2022-01-10	5.0 MEDIUM	9.8 CRITICAL
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
CVE-2020-22848	1 Chshcms	1 Cscms	2021-09-07	7.5 HIGH	9.8 CRITICAL
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
CVE-2018-17126	1 Chshcms	1 Cscms	2018-11-19	7.5 HIGH	9.8 CRITICAL
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
CVE-2018-16731	1 Chshcms	1 Cscms	2018-10-30	7.5 HIGH	9.8 CRITICAL
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.