Vulnerabilities > Chshcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-24 | CVE-2019-6779 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. | 8.1 |
| 2018-09-17 | CVE-2018-17126 | Code Injection vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | 9.8 |
| 2018-09-17 | CVE-2018-17125 | Path Traversal vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | 7.5 |
| 2018-09-08 | CVE-2018-16732 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1 \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 8.8 |
| 2018-09-08 | CVE-2018-16731 | Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | 9.8 |
| 2018-09-08 | CVE-2018-16730 | Cross-site Scripting vulnerability in Chshcms Cscms 4.1 \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | 6.1 |
| 2018-09-04 | CVE-2018-16448 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.0 Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | 8.8 |
| 2018-09-02 | CVE-2018-16337 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 An issue was discovered in Cscms V4.1.8. | 6.5 |