Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cscms
(Chshcms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-30 | CVE-2020-22848 | A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | Cscms | 9.8 | ||
| 2021-12-27 | CVE-2020-21238 | An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | Cscms | 9.8 | ||
| 2022-01-11 | CVE-2020-28102 | cscms v4.1 allows for SQL injection via the "js_del" function. | Cscms | 9.8 | ||
| 2022-01-11 | CVE-2020-28103 | cscms v4.1 allows for SQL injection via the "page_del" function. | Cscms | 9.8 | ||
| 2022-03-21 | CVE-2022-27090 | Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. | Cscms | 5.4 | ||
| 2022-04-15 | CVE-2022-27365 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. | Cscms | 7.2 | ||
| 2022-04-15 | CVE-2022-27366 | Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. | Cscms | 7.2 | ||
| 2022-04-15 | CVE-2022-27367 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. | Cscms | 7.2 | ||
| 2022-04-15 | CVE-2022-27368 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. | Cscms | 7.2 | ||
| 2022-04-15 | CVE-2022-27369 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. | Cscms | 7.2 |