Vulnerabilities > Laobancms

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2020-18166 Unrestricted Upload of File with Dangerous Type vulnerability in Laobancms 2.0
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
network
low complexity
laobancms CWE-434
critical
9.8
2021-05-14 CVE-2020-18167 Cross-site Scripting vulnerability in Laobancms 2.0
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
network
low complexity
laobancms CWE-79
4.8
2021-05-12 CVE-2020-18165 Cross-site Scripting vulnerability in Laobancms 2.0
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
network
low complexity
laobancms CWE-79
4.8
2018-11-17 CVE-2018-19328 Path Traversal vulnerability in Laobancms 2.0
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
network
low complexity
laobancms CWE-22
critical
9.8
2018-11-12 CVE-2018-19229 Cross-site Scripting vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-79
5.4
2018-11-12 CVE-2018-19228 Path Traversal vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-22
7.5
2018-11-12 CVE-2018-19227 Cross-site Scripting vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-79
5.4
2018-11-12 CVE-2018-19226 Information Exposure vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-200
5.3
2018-11-12 CVE-2018-19225 Cross-Site Request Forgery (CSRF) vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-352
8.8
2018-11-12 CVE-2018-19224 Reliance on Cookies without Validation and Integrity Checking vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-565
7.5