Vulnerabilities > Tpcms Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2021-36544 | Information Exposure Through Log Files vulnerability in Tpcms Project Tpcms 3.2 Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | 7.5 |
2023-02-03 | CVE-2021-36545 | Cross-site Scripting vulnerability in Tpcms Project Tpcms 3.2 Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. | 5.4 |
2022-06-02 | CVE-2022-29624 | Unrestricted Upload of File with Dangerous Type vulnerability in Tpcms Project Tpcms 3.2 An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
2022-04-04 | CVE-2022-27441 | Cross-site Scripting vulnerability in Tpcms Project Tpcms 3.2 A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. | 4.8 |
2022-04-04 | CVE-2022-27442 | Information Exposure Through Log Files vulnerability in Tpcms Project Tpcms 3.2 TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password. | 7.5 |