Cscms
by Cscms
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29665 | Hig | 0.47 | 7.2 | 0.01 | May 26, 2022 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | ||
| CVE-2022-29663 | Hig | 0.47 | 7.2 | 0.01 | May 26, 2022 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | ||
| CVE-2019-9598 | Med | 0.42 | 6.5 | 0.01 | Mar 7, 2019 | An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds. | ||
| CVE-2018-16730 | Med | 0.40 | 6.1 | 0.01 | Sep 8, 2018 | \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. |
- risk 0.47cvss 7.2epss 0.01
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.
- risk 0.47cvss 7.2epss 0.01
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
- risk 0.40cvss 6.1epss 0.01
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
Page 2 of 2