VYPR

Cscms

by chshcms

CVEs (7)

  • CVE-2022-29669HigMay 26, 2022
    risk 0.57cvss 8.8epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan.

  • CVE-2022-29689HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.

  • CVE-2022-29670HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.

  • CVE-2022-29661HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.

  • CVE-2022-27368HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.

  • CVE-2022-30898MedJun 9, 2022
    risk 0.42cvss 6.5epss 0.01

    A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.

  • CVE-2018-16337MedSep 2, 2018
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.