Vulnerabilities > Schoolcms

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-05	CVE-2019-9572	Unrestricted Upload of File with Dangerous Type vulnerability in Schoolcms 2.3.1 SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. network low complexity schoolcms CWE-434	7.2
2019-02-26	CVE-2019-9181	Unrestricted Upload of File with Dangerous Type vulnerability in Schoolcms 2.3.1 SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. network low complexity schoolcms CWE-434	7.2
2019-02-13	CVE-2019-8335	Cross-site Scripting vulnerability in Schoolcms 2.3.1 An issue was discovered in SchoolCMS 2.3.1. network low complexity schoolcms CWE-79	6.1
2019-02-13	CVE-2019-8334	Cross-site Scripting vulnerability in Schoolcms 2.3.1 An issue was discovered in SchoolCMS 2.3.1. network low complexity schoolcms CWE-79	6.1

Vulnerabilities > Schoolcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Schoolcms"}]}