Vulnerabilities > Chshcms > Cscms

DATE CVE VULNERABILITY TITLE RISK
2021-12-27 CVE-2020-21238 Improper Restriction of Excessive Authentication Attempts vulnerability in Chshcms Cscms 4.0
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
network
low complexity
chshcms CWE-307
5.0
5.0
2021-08-30 CVE-2020-22848 Unspecified vulnerability in Chshcms Cscms 4.1
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
network
low complexity
chshcms
7.5
7.5
2019-03-07 CVE-2019-9598 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
An issue was discovered in Cscms 4.1.0.
network
chshcms CWE-352
4.3
4.3
2019-01-24 CVE-2019-6779 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
network
chshcms CWE-352
5.8
5.8
2018-09-17 CVE-2018-17126 Code Injection vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
network
low complexity
chshcms CWE-94
7.5
7.5
2018-09-17 CVE-2018-17125 Path Traversal vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
network
low complexity
chshcms CWE-22
6.4
6.4
2018-09-08 CVE-2018-16732 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
network
chshcms CWE-352
6.8
6.8
2018-09-08 CVE-2018-16731 Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
network
low complexity
chshcms CWE-434
7.5
7.5
2018-09-08 CVE-2018-16730 Cross-site Scripting vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
network
chshcms CWE-79
4.3
4.3
2018-09-04 CVE-2018-16448 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.0
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
network
chshcms CWE-352
6.8
6.8