Vulnerabilities > Tpcms Project

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36544 Information Exposure Through Log Files vulnerability in Tpcms Project Tpcms 3.2
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
network
low complexity
tpcms-project CWE-532
7.5
2023-02-03 CVE-2021-36545 Cross-site Scripting vulnerability in Tpcms Project Tpcms 3.2
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
network
low complexity
tpcms-project CWE-79
5.4
2022-06-02 CVE-2022-29624 Unrestricted Upload of File with Dangerous Type vulnerability in Tpcms Project Tpcms 3.2
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
tpcms-project CWE-434
8.8
2022-04-04 CVE-2022-27441 Cross-site Scripting vulnerability in Tpcms Project Tpcms 3.2
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.
network
low complexity
tpcms-project CWE-79
4.8
2022-04-04 CVE-2022-27442 Information Exposure Through Log Files vulnerability in Tpcms Project Tpcms 3.2
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
network
low complexity
tpcms-project CWE-532
7.5