ClassCMS
by ClassCMS
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57099 | Cri | 0.64 | 9.8 | 0.01 | Feb 3, 2025 | ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. | ||
| CVE-2024-48180 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code. | ||
| CVE-2022-45966 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2022 | here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | ||
| CVE-2022-25581 | Hig | 0.51 | 7.8 | 0.01 | Mar 18, 2022 | Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. | ||
| CVE-2022-25582 | Med | 0.35 | 5.4 | 0.01 | Mar 25, 2022 | A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | ||
| CVE-2024-57097 | Med | 0.31 | 4.8 | 0.00 | Feb 3, 2025 | ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php. | ||
| CVE-2024-12666 | Med | 0.31 | 4.7 | 0.00 | Dec 16, 2024 | A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of… | ||
| CVE-2024-8144 | Low | 0.23 | 3.5 | 0.00 | Aug 25, 2024 | A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The… | ||
| CVE-2024-6932 | Low | 0.23 | 3.5 | 0.00 | Jul 20, 2024 | A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The… | ||
| CVE-2024-12503 | Low | 0.16 | 2.4 | 0.01 | Dec 12, 2024 | A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can… | ||
| CVE-2024-8145 | Low | 0.16 | 2.4 | 0.00 | Aug 25, 2024 | A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting.… |
- risk 0.64cvss 9.8epss 0.01
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
- risk 0.64cvss 9.8epss 0.01
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.
- risk 0.64cvss 9.8epss 0.01
here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.
- risk 0.51cvss 7.8epss 0.01
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.
- risk 0.31cvss 4.8epss 0.00
ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
- risk 0.31cvss 4.7epss 0.00
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The…
- risk 0.16cvss 2.4epss 0.01
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can…
- risk 0.16cvss 2.4epss 0.00
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting.…