VYPR

Laobancms

by Laoban CMS

CVEs (14)

  • CVE-2020-18166CriMay 14, 2021
    risk 0.64cvss 9.8epss 0.02

    Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".

  • CVE-2018-19328CriNov 17, 2018
    risk 0.64cvss 9.8epss 0.02

    LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.

  • CVE-2018-19222CriNov 12, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.

  • CVE-2018-19221CriNov 12, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.

  • CVE-2018-19220CriNov 12, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.

  • CVE-2018-19225HigNov 12, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.

  • CVE-2018-19228HigNov 12, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.

  • CVE-2018-19224HigNov 12, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.

  • CVE-2018-19229MedNov 12, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.

  • CVE-2018-19227MedNov 12, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.

  • CVE-2018-19226MedNov 12, 2018
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.

  • CVE-2020-18167MedMay 14, 2021
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".

  • CVE-2020-18165MedMay 12, 2021
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".

  • CVE-2018-19223MedNov 12, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.