CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29815
https://notcve.org/view.php?id=CVE-2023-29815
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). • https://github.com/chshcms/mccms/issues/3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30898
https://notcve.org/view.php?id=CVE-2022-30898
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Cscms music portal system versión v4.2, permite a atacantes remotos cambiar el nombre de usuario y la contraseña del administrador • https://github.com/chshcms/cscms/issues/37 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29689
https://notcve.org/view.php?id=CVE-2022-29689
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. Se ha detectado que CSCMS Music Portal System versión v4.2, contiene una vulnerabilidad de inyección SQL ciega por medio del parámetro id en /admin.php/singer/admin/singer/del • https://github.com/chshcms/cscms/issues/28#issue-1209044410 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29688
https://notcve.org/view.php?id=CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. Se ha detectado que CSCMS Music Portal System versión v4.2, contiene una vulnerabilidad de inyección SQL ciega por medio del parámetro id en /admin.php/singer/admin/singer/hy • https://github.com/chshcms/cscms/issues/27#issue-1209040138 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29687
https://notcve.org/view.php?id=CVE-2022-29687
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. Se ha detectado que CSCMS Music Portal System versión v4.2, contiene una vulnerabilidad de inyección SQL ciega por medio del parámetro id en /admin.php/user/level_del • https://github.com/chshcms/cscms/issues/30#issue-1209049714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •