VYPR

Vendor CVEs

Cscms

All CVEs

41 total · sorted by risk
  • CVE-2022-29660CriMay 26, 2022
    risk 0.65cvss 9.8epss 0.11

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.

  • CVE-2020-28103CriJan 11, 2022
    risk 0.64cvss 9.8epss 0.01

    cscms v4.1 allows for SQL injection via the "page_del" function.

  • CVE-2020-28102CriJan 11, 2022
    risk 0.64cvss 9.8epss 0.01

    cscms v4.1 allows for SQL injection via the "js_del" function.

  • CVE-2020-21238CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.

  • CVE-2020-22848CriAug 30, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.

  • CVE-2018-17126CriSep 17, 2018
    risk 0.64cvss 9.8epss 0.03

    CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.

  • CVE-2018-16731CriSep 8, 2018
    risk 0.64cvss 9.8epss 0.01

    CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

  • CVE-2022-29685HigMay 26, 2022
    risk 0.57cvss 8.8epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort.

  • CVE-2022-29667HigMay 26, 2022
    risk 0.57cvss 8.8epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos.

  • CVE-2022-29664HigMay 26, 2022
    risk 0.57cvss 8.8epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save.

  • CVE-2022-28552HigMay 4, 2022
    risk 0.57cvss 8.8epss 0.01

    Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.

  • CVE-2018-16732HigSep 8, 2018
    risk 0.57cvss 8.8epss 0.01

    \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

  • CVE-2018-16448HigSep 4, 2018
    risk 0.57cvss 8.8epss 0.00

    Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

  • CVE-2018-11527HigMay 29, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.

  • CVE-2019-6779HigJan 24, 2019
    risk 0.53cvss 8.1epss 0.00

    Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.

  • CVE-2018-17125HigSep 17, 2018
    risk 0.49cvss 7.5epss 0.01

    CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.

  • CVE-2022-29689HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.

  • CVE-2022-29688HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.

  • CVE-2022-29687HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.

  • CVE-2022-29686HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.

  • CVE-2022-29684HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.

  • CVE-2022-29683HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del.

  • CVE-2022-29682HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.

  • CVE-2022-29681HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del.

  • CVE-2022-29680HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.

  • CVE-2022-29676HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

  • CVE-2022-29670HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.

  • CVE-2022-29666HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

  • CVE-2022-29665HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.

  • CVE-2022-29663HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.

  • CVE-2022-29662HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.

  • CVE-2022-29661HigMay 26, 2022
    risk 0.47cvss 7.2epss 0.01

    CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.

  • CVE-2022-27369HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.

  • CVE-2022-27368HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.

  • CVE-2022-27367HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.

  • CVE-2022-27366HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.

  • CVE-2022-27365HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.

  • CVE-2022-30898MedJun 9, 2022
    risk 0.42cvss 6.5epss 0.01

    A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.

  • CVE-2019-9598MedMar 7, 2019
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.

  • CVE-2018-16730MedSep 8, 2018
    risk 0.40cvss 6.1epss 0.01

    \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.

  • CVE-2022-27090MedMar 21, 2022
    risk 0.35cvss 5.4epss 0.00

    Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.