Filtered by vendor Laobancms
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18166 | 1 Laobancms | 1 Laobancms | 2021-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". | |||||
| CVE-2018-19328 | 1 Laobancms | 1 Laobancms | 2020-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | |||||
| CVE-2018-19222 | 1 Laobancms | 1 Laobancms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. | |||||
| CVE-2018-19220 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. | |||||
| CVE-2018-19221 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. | |||||