Vulnerabilities > Chshcms > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-28 | CVE-2023-26781 | SQL Injection vulnerability in Chshcms Mccms 2.6: SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -> Reader Comments -> Search. | 9.8 |
2022-05-26 | CVE-2022-29660 | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2: CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | 9.8 |
2022-01-11 | CVE-2020-28102 | SQL Injection vulnerability in Chshcms Cscms 4.1: cscms v4.1 allows for SQL injection via the "js_del" function. | 9.8 |
2022-01-11 | CVE-2020-28103 | SQL Injection vulnerability in Chshcms Cscms 4.1: cscms v4.1 allows for SQL injection via the "page_del" function. | 9.8 |
2021-12-27 | CVE-2020-21238 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chshcms Cscms 4.0: An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | 9.8 |
2021-08-30 | CVE-2020-22848 | Unspecified vulnerability in Chshcms Cscms 4.1: A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | 9.8 |
2018-09-17 | CVE-2018-17126 | Code Injection vulnerability in Chshcms Cscms 4.1: CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | 9.8 |
2018-09-08 | CVE-2018-16731 | Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1: CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | 9.8 |