Filtered by vendor Ftcms
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37731 | 1 Ftcms | 1 Ftcms | 2024-11-21 | N/A | 6.1 MEDIUM |
ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing. | |||||
CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2024-11-21 | N/A | 8.8 HIGH |
In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge. | |||||
CVE-2022-30063 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ftcms <=2.1 was discovered to be vulnerable to code execution attacks . | |||||
CVE-2022-30062 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php | |||||
CVE-2022-30061 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. | |||||
CVE-2022-30060 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php |