74cmsSE
by 74cmsSE
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17612 | Hig | 0.47 | 7.2 | 0.01 | Oct 15, 2019 | An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. | ||
| CVE-2022-41471 | Med | 0.42 | 6.5 | 0.01 | Oct 17, 2022 | 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. | ||
| CVE-2024-46089 | Med | 0.41 | 6.3 | 0.00 | Apr 18, 2025 | 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. | ||
| CVE-2024-2561 | Med | 0.41 | 6.3 | 0.06 | Mar 17, 2024 | A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64… | ||
| CVE-2022-32131 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. | ||
| CVE-2022-32130 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. | ||
| CVE-2022-32129 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. | ||
| CVE-2022-32128 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. | ||
| CVE-2022-32127 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. | ||
| CVE-2022-32126 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. | ||
| CVE-2022-32125 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. | ||
| CVE-2022-32124 | Med | 0.40 | 6.1 | 0.01 | Jun 23, 2022 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. | ||
| CVE-2020-22421 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | 74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. | ||
| CVE-2018-20454 | Med | 0.40 | 6.1 | 0.01 | Dec 25, 2018 | An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | ||
| CVE-2022-41472 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2022 | 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | ||
| CVE-2025-4329 | Med | 0.28 | 4.3 | 0.01 | May 6, 2025 | A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The… |
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
- risk 0.42cvss 6.5epss 0.01
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
- risk 0.41cvss 6.3epss 0.00
74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
- risk 0.41cvss 6.3epss 0.06
A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64…
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
- risk 0.40cvss 6.1epss 0.01
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.
- risk 0.40cvss 6.1epss 0.01
74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.
- risk 0.35cvss 5.4epss 0.00
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The…
Page 2 of 2