Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Chshcms Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16731 1 Chshcms 1 Cscms 2024-02-04 7.5 HIGH 9.8 CRITICAL
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
CVE-2018-16732 1 Chshcms 1 Cscms 2024-02-04 6.8 MEDIUM 8.8 HIGH
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
CVE-2018-16730 1 Chshcms 1 Cscms 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
CVE-2019-6779 1 Chshcms 1 Cscms 2024-02-04 5.8 MEDIUM 8.1 HIGH
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
CVE-2018-16448 1 Chshcms 1 Cscms 2024-02-04 6.8 MEDIUM 8.8 HIGH
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
CVE-2018-17125 1 Chshcms 1 Cscms 2024-02-04 6.4 MEDIUM 7.5 HIGH
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.