VYPR
Vendor

tpcms

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2022-29624HigJun 2, 2022
    risk 0.57cvss 8.8epss 0.01

    An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2021-36544HigFeb 3, 2023
    risk 0.49cvss 7.5epss 0.01

    Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.

  • CVE-2022-27442HigApr 4, 2022
    risk 0.49cvss 7.5epss 0.01

    TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.

  • CVE-2021-36545MedFeb 3, 2023
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.

  • CVE-2022-27441MedApr 4, 2022
    risk 0.31cvss 4.8epss 0.00

    A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.