Vulnerabilities > Chshcms > Cscms > 4.1

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-28552 SQL Injection vulnerability in Chshcms Cscms 4.1
Cscms 4.1 is vulnerable to SQL Injection.
network
low complexity
chshcms CWE-89
8.8
8.8
2022-01-11 CVE-2020-28102 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "js_del" function.
network
low complexity
chshcms CWE-89
critical
 9.8
9.8
2022-01-11 CVE-2020-28103 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "page_del" function.
network
low complexity
chshcms CWE-89
critical
 9.8
9.8
2021-08-30 CVE-2020-22848 Unspecified vulnerability in Chshcms Cscms 4.1
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
network
low complexity
chshcms
critical
 9.8
9.8
2019-03-07 CVE-2019-9598 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
An issue was discovered in Cscms 4.1.0.
network
low complexity
chshcms CWE-352
6.5
6.5
2018-09-17 CVE-2018-17126 Code Injection vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
network
low complexity
chshcms CWE-94
critical
 9.8
9.8
2018-09-17 CVE-2018-17125 Path Traversal vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
network
low complexity
chshcms CWE-22
7.5
7.5
2018-09-08 CVE-2018-16732 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
network
low complexity
chshcms CWE-352
8.8
8.8
2018-09-08 CVE-2018-16731 Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
network
low complexity
chshcms CWE-434
critical
 9.8
9.8
2018-09-08 CVE-2018-16730 Cross-site Scripting vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
network
low complexity
chshcms CWE-79
6.1
6.1