Vulnerabilities > Chshcms > Cscms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-04 | CVE-2022-28552 | SQL Injection vulnerability in Chshcms Cscms 4.1 Cscms 4.1 is vulnerable to SQL Injection. | 8.8 |
| 2022-04-15 | CVE-2022-27365 | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. | 7.2 |
| 2022-04-15 | CVE-2022-27366 | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. | 7.2 |
| 2022-04-15 | CVE-2022-27367 | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. | 7.2 |
| 2022-04-15 | CVE-2022-27368 | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. | 7.2 |
| 2022-04-15 | CVE-2022-27369 | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. | 7.2 |
| 2019-01-24 | CVE-2019-6779 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. | 8.1 |
| 2018-09-17 | CVE-2018-17125 | Path Traversal vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | 7.5 |
| 2018-09-08 | CVE-2018-16732 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1 \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 8.8 |
| 2018-09-04 | CVE-2018-16448 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.0 Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | 8.8 |