Vulnerabilities (CVE)

Filtered by vendor Chshcms Subscribe
Total 48 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6779 1 Chshcms 1 Cscms 2024-11-21 5.8 MEDIUM 8.1 HIGH
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
CVE-2018-17126 1 Chshcms 1 Cscms 2024-11-21 7.5 HIGH 9.8 CRITICAL
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
CVE-2018-17125 1 Chshcms 1 Cscms 2024-11-21 6.4 MEDIUM 7.5 HIGH
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
CVE-2018-16732 1 Chshcms 1 Cscms 2024-11-21 6.8 MEDIUM 8.8 HIGH
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
CVE-2018-16731 1 Chshcms 1 Cscms 2024-11-21 7.5 HIGH 9.8 CRITICAL
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
CVE-2018-16730 1 Chshcms 1 Cscms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
CVE-2018-16448 1 Chshcms 1 Cscms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
CVE-2018-16337 1 Chshcms 1 Cscms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.