Laoban CMS
Products
1- 14 CVEs
Recent CVEs
14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18166 | Cri | 0.64 | 9.8 | 0.02 | May 14, 2021 | Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". | ||
| CVE-2018-19328 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2018 | LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | ||
| CVE-2018-19222 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. | ||
| CVE-2018-19221 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. | ||
| CVE-2018-19220 | Cri | 0.64 | 9.8 | 0.02 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. | ||
| CVE-2018-19225 | Hig | 0.57 | 8.8 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. | ||
| CVE-2018-19228 | Hig | 0.49 | 7.5 | 0.02 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. | ||
| CVE-2018-19224 | Hig | 0.49 | 7.5 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. | ||
| CVE-2018-19229 | Med | 0.35 | 5.4 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter. | ||
| CVE-2018-19227 | Med | 0.35 | 5.4 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter. | ||
| CVE-2018-19226 | Med | 0.35 | 5.3 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. | ||
| CVE-2020-18167 | Med | 0.31 | 4.8 | 0.01 | May 14, 2021 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu". | ||
| CVE-2020-18165 | Med | 0.31 | 4.8 | 0.01 | May 12, 2021 | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". | ||
| CVE-2018-19223 | Med | 0.31 | 4.8 | 0.01 | Nov 12, 2018 | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI. |
- risk 0.64cvss 9.8epss 0.02
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
- risk 0.64cvss 9.8epss 0.02
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
- risk 0.31cvss 4.8epss 0.01
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
- risk 0.31cvss 4.8epss 0.01
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.