Vulnerabilities > Chshcms

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-27366 SQL Injection vulnerability in Chshcms Cscms 4.2
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
network
low complexity
chshcms CWE-89
7.2
2022-04-15 CVE-2022-27367 SQL Injection vulnerability in Chshcms Cscms 4.2
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.
network
low complexity
chshcms CWE-89
7.2
2022-04-15 CVE-2022-27368 SQL Injection vulnerability in Chshcms Cscms 4.2
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
network
low complexity
chshcms CWE-89
7.2
2022-04-15 CVE-2022-27369 SQL Injection vulnerability in Chshcms Cscms 4.2
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.
network
low complexity
chshcms CWE-89
7.2
2022-03-21 CVE-2022-27090 Open Redirect vulnerability in Chshcms Cscms 4.2
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
network
low complexity
chshcms CWE-601
5.4
2022-01-11 CVE-2020-28102 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "js_del" function.
network
low complexity
chshcms CWE-89
critical
9.8
2022-01-11 CVE-2020-28103 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "page_del" function.
network
low complexity
chshcms CWE-89
critical
9.8
2021-12-27 CVE-2020-21238 Improper Restriction of Excessive Authentication Attempts vulnerability in Chshcms Cscms 4.0
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
network
low complexity
chshcms CWE-307
critical
9.8
2021-08-30 CVE-2020-22848 Unspecified vulnerability in Chshcms Cscms 4.1
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
network
low complexity
chshcms
critical
9.8
2019-03-07 CVE-2019-9598 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
An issue was discovered in Cscms 4.1.0.
network
low complexity
chshcms CWE-352
6.5