Vulnerabilities > Laobancms > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2020-18166 Unrestricted Upload of File with Dangerous Type vulnerability in Laobancms 2.0
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
network
low complexity
laobancms CWE-434
7.5
7.5
2018-11-17 CVE-2018-19328 Path Traversal vulnerability in Laobancms 2.0
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
network
low complexity
laobancms CWE-22
7.5
7.5
2018-11-12 CVE-2018-19222 Cross-site Scripting vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-79
7.5
7.5
2018-11-12 CVE-2018-19221 SQL Injection vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-89
7.5
7.5
2018-11-12 CVE-2018-19220 Code Injection vulnerability in Laobancms 2.0
An issue was discovered in LAOBANCMS 2.0.
network
low complexity
laobancms CWE-94
7.5
7.5