VYPR
Vendor

ClassCMS

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2024-57099CriFeb 3, 2025
    risk 0.64cvss 9.8epss 0.01

    ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.

  • CVE-2024-48180CriOct 16, 2024
    risk 0.64cvss 9.8epss 0.01

    ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.

  • CVE-2022-45966CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.

  • CVE-2022-25581HigMar 18, 2022
    risk 0.51cvss 7.8epss 0.01

    Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.

  • CVE-2022-25582MedMar 25, 2022
    risk 0.35cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.

  • CVE-2024-57097MedFeb 3, 2025
    risk 0.31cvss 4.8epss 0.00

    ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.

  • CVE-2024-12666MedDec 16, 2024
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of…

  • CVE-2024-8144LowAug 25, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The…

  • CVE-2024-6932LowJul 20, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The…

  • CVE-2024-12503LowDec 12, 2024
    risk 0.16cvss 2.4epss 0.01

    A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can…

  • CVE-2024-8145LowAug 25, 2024
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting.…