VYPR

BaiCloud-cms

by BaiCloud

CVEs (2)

  • CVE-2021-41729CriSep 30, 2021
    risk 0.59cvss 9.1epss 0.01

    BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php.

  • CVE-2021-44302HigFeb 19, 2022
    risk 0.57cvss 8.8epss 0.01

    BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.