Vulnerabilities > Chshcms > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-17 CVE-2023-5029 SQL Injection vulnerability in Chshcms Mccms 2.6
A vulnerability, which was classified as critical, was found in mccms 2.6.
low complexity
chshcms CWE-89
8.8
8.8
2023-06-14 CVE-2023-3235 Server-Side Request Forgery (SSRF) vulnerability in Chshcms Mccms
A vulnerability was found in mccms up to 2.6.5.
network
low complexity
chshcms CWE-918
8.8
8.8
2023-06-14 CVE-2023-3236 Server-Side Request Forgery (SSRF) vulnerability in Chshcms Mccms
A vulnerability classified as critical has been found in mccms up to 2.6.5.
network
low complexity
chshcms CWE-918
8.8
8.8
2023-04-28 CVE-2023-29815 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Mccms 2.6.3
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
chshcms CWE-352
8.8
8.8
2022-05-26 CVE-2022-29660 SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.
network
low complexity
chshcms CWE-89
7.5
7.5
2022-01-11 CVE-2020-28102 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "js_del" function.
network
low complexity
chshcms CWE-89
7.5
7.5
2022-01-11 CVE-2020-28103 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "page_del" function.
network
low complexity
chshcms CWE-89
7.5
7.5
2021-08-30 CVE-2020-22848 Unspecified vulnerability in Chshcms Cscms 4.1
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
network
low complexity
chshcms
7.5
7.5
2018-09-17 CVE-2018-17126 Code Injection vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
network
low complexity
chshcms CWE-94
7.5
7.5
2018-09-08 CVE-2018-16731 Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
network
low complexity
chshcms CWE-434
7.5
7.5