VYPR

Cscms

by Cscms

CVEs (24)

  • CVE-2022-29665HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.

  • CVE-2022-29663HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.

  • CVE-2019-9598MedMar 7, 2019
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.

  • CVE-2018-16730MedSep 8, 2018
    risk 0.40cvss 6.1epss 0.01

    \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.

Page 2 of 2