Vulnerabilities > Nconsulting > NC CMS > 3.2.0

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2018-18874 Unrestricted Upload of File with Dangerous Type vulnerability in Nconsulting Nc-Cms
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
network
low complexity
nconsulting CWE-434
critical
 9.8
9.8
2018-10-15 CVE-2018-18361 Cross-site Scripting vulnerability in Nconsulting Nc-Cms
An issue was discovered in nc-cms through 2017-03-10.
network
low complexity
nconsulting CWE-79
6.1
6.1
2018-10-14 CVE-2018-18290 Cross-site Scripting vulnerability in Nconsulting Nc-Cms
An issue was discovered in nc-cms through 2017-03-10.
network
low complexity
nconsulting CWE-79
4.8
4.8