Vulnerabilities > Chshcms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-24 | CVE-2019-6779 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. | 8.1 |
| 2018-09-17 | CVE-2018-17125 | Path Traversal vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | 7.5 |
| 2018-09-08 | CVE-2018-16732 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1 \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 8.8 |
| 2018-09-04 | CVE-2018-16448 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.0 Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | 8.8 |