Vulnerabilities > Laobancms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-14 | CVE-2020-18166 | Unrestricted Upload of File with Dangerous Type vulnerability in Laobancms 2.0 Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". | 9.8 |
2021-05-14 | CVE-2020-18167 | Cross-site Scripting vulnerability in Laobancms 2.0 Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu". | 4.8 |
2021-05-12 | CVE-2020-18165 | Cross-site Scripting vulnerability in Laobancms 2.0 Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". | 4.8 |
2018-11-17 | CVE-2018-19328 | Path Traversal vulnerability in Laobancms 2.0 LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | 9.8 |
2018-11-12 | CVE-2018-19229 | Cross-site Scripting vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 5.4 |
2018-11-12 | CVE-2018-19228 | Path Traversal vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 7.5 |
2018-11-12 | CVE-2018-19227 | Cross-site Scripting vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 5.4 |
2018-11-12 | CVE-2018-19226 | Information Exposure vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 5.3 |
2018-11-12 | CVE-2018-19225 | Cross-Site Request Forgery (CSRF) vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 8.8 |
2018-11-12 | CVE-2018-19224 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 7.5 |