Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-21081 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. | |||||
CVE-2020-20514 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | |||||
CVE-2019-9829 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates. | |||||
CVE-2019-8410 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||
CVE-2018-19465 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | |||||
CVE-2018-12114 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | |||||
CVE-2017-17733 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. |