Laobancms
by Laoban Cms
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18167 | | | 0.00 | — | 0.00 | | May 14, 2021 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu". |
| CVE-2020-18166 | | | 0.00 | — | 0.01 | | May 14, 2021 | Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". |
| CVE-2020-18165 | | | 0.00 | — | 0.00 | | May 12, 2021 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". |
| CVE-2018-19328 | | | 0.00 | — | 0.01 | | Nov 17, 2018 | LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. |
| CVE-2018-19225 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. |
| CVE-2018-19220 | | | 0.00 | — | 0.01 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. |
| CVE-2018-19229 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter. |
| CVE-2018-19228 | | | 0.00 | — | 0.01 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. |
| CVE-2018-19221 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. |
| CVE-2018-19227 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter. |
| CVE-2018-19226 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. |
| CVE-2018-19223 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI. |
| CVE-2018-19224 | | | 0.00 | — | 0.00 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. |
| CVE-2018-19222 | | | 0.00 | — | 0.01 | | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. |