Vulnerabilities > Nconsulting

DATE CVE VULNERABILITY TITLE RISK
2019-02-11 CVE-2019-7721 Unrestricted Upload of File with Dangerous Type vulnerability in Nconsulting Nc-Cms 3.5
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.
network
low complexity
nconsulting CWE-434
5.0
2018-10-31 CVE-2018-18874 Unrestricted Upload of File with Dangerous Type vulnerability in Nconsulting Nc-Cms
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
network
low complexity
nconsulting CWE-434
7.5
2018-10-15 CVE-2018-18361 Cross-site Scripting vulnerability in Nconsulting Nc-Cms
An issue was discovered in nc-cms through 2017-03-10.
4.3
2018-10-14 CVE-2018-18290 Cross-site Scripting vulnerability in Nconsulting Nc-Cms
An issue was discovered in nc-cms through 2017-03-10.
network
low complexity
nconsulting CWE-79
4.8