Vulnerabilities > Chshcms

DATE CVE VULNERABILITY TITLE RISK
2019-01-24 CVE-2019-6779 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
network
chshcms CWE-352
5.8
2018-09-17 CVE-2018-17126 Code Injection vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
network
low complexity
chshcms CWE-94
7.5
2018-09-17 CVE-2018-17125 Path Traversal vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
network
low complexity
chshcms CWE-22
6.4
2018-09-08 CVE-2018-16732 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
network
chshcms CWE-352
6.8
2018-09-08 CVE-2018-16731 Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
network
low complexity
chshcms CWE-434
7.5
2018-09-08 CVE-2018-16730 Cross-site Scripting vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
network
chshcms CWE-79
4.3
2018-09-04 CVE-2018-16448 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.0
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
network
chshcms CWE-352
6.8
2018-09-02 CVE-2018-16337 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8
An issue was discovered in Cscms V4.1.8.
network
chshcms CWE-352
4.3