VYPR
Vendor

rawchen

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2022-40037CriJan 26, 2023
    risk 0.64cvss 9.8epss 0.02

    An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

  • CVE-2022-40035HigJan 26, 2023
    risk 0.57cvss 8.8epss 0.01

    File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.

  • CVE-2022-34549HigJul 27, 2022
    risk 0.57cvss 8.8epss 0.01

    Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.

  • CVE-2022-40036MedJan 26, 2023
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.

  • CVE-2022-34551MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.01

    Sims v1.0 was discovered to allow path traversal when downloading attachments.

  • CVE-2022-40034MedJan 23, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.

  • CVE-2025-15149LowDec 28, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of…