CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
• https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md
• https://www.patec.cn/newsshow.php?cid=24&id=125
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 5% | CPEs: 1 | EXPL: 2

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
• https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell
• https://www.patec.cn/newsshow.php?cid=24&id=125
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
• https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md
• https://www.patec.cn/newsshow.php?cid=24&id=123
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
• https://github.com/AvaterXXX/CScms/blob/master/CScms_up.md
• https://www.patec.cn/newsshow.php?cid=24&id=123
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
• https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md
• https://www.patec.cn/newsshow.php?cid=24&id=123
• CWE-352: Cross-Site Request Forgery (CSRF)