Vulnerabilities (CVE)

Filtered by vendor Ftcms Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-37731 1 Ftcms 1 Ftcms 2024-11-21 N/A 6.1 MEDIUM
ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing.
CVE-2022-37730 1 Ftcms 1 Ftcms 2024-11-21 N/A 8.8 HIGH
In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge.
CVE-2022-30063 1 Ftcms 1 Ftcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
ftcms <=2.1 was discovered to be vulnerable to code execution attacks .
CVE-2022-30062 1 Ftcms 1 Ftcms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php
CVE-2022-30061 1 Ftcms 1 Ftcms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.
CVE-2022-30060 1 Ftcms 1 Ftcms 2024-11-21 6.5 MEDIUM 8.8 HIGH
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php