CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6779
https://notcve.org/view.php?id=CVE-2019-6779
24 Jan 2019 — Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. La versión 4.1.8 de Cscms permite Cross-Site Request Forgery (CSRF) en admin.php/links/save para añadir, modificar o eliminar enlaces de amigo. • https://github.com/chshcms/cscms/issues/3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2CVE-2018-17126
https://notcve.org/view.php?id=CVE-2018-17126
17 Sep 2018 — CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. CScms 4.1 permite la ejecución remota de código, tal y como queda demostrado con 1');eval($_POST[cmd]);# en Web Name en upload\plugins\sys\Install.php. • https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-17125
https://notcve.org/view.php?id=CVE-2018-17125
17 Sep 2018 — CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. CScms 4.1 permite la eliminación de directorios arbitrarios mediante una subcadena dir=..\\ en plugins\sys\admin\Plugins.php. • https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16730
https://notcve.org/view.php?id=CVE-2018-16730
08 Sep 2018 — \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. \upload\plugins\sys\Install.php en CScms 4.1 tiene Cross-Site Scripting (XSS) mediante el nombre del sitio. • https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-16731
https://notcve.org/view.php?id=CVE-2018-16731
08 Sep 2018 — CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. CScms 4.1 permite la subida de archivos arbitrarios añadiendo (por ejemplo) la extensión php a la lista de tipos de archivo por defecto (gif, jpg, png) y después proporcionando un nombre de ruta .php en los datos JSON fileurl. • https://github.com/AvaterXXX/CScms/blob/master/CScms_up.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16732
https://notcve.org/view.php?id=CVE-2018-16732
08 Sep 2018 — \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. \upload\plugins\sys\admin\Setting.php en CScms 4.1 permite Cross-Site Request Forgery (CSRF) mediante admin.php/setting/ftp_save. • https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16448
https://notcve.org/view.php?id=CVE-2018-16448
04 Sep 2018 — Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. Cscms 4 permite Cross-Site Request Forgery (CSRF) al crear un miembro mediante upload/admin.php/user/save; autenticar miembros VIP mediante upload/admin.php/user/init/tid y upload/admin.php/user/init/rzid y crear un super administrador y editor web mediante ... • https://github.com/chshcms/cscms/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16337
https://notcve.org/view.php?id=CVE-2018-16337
02 Sep 2018 — An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. Se ha descubierto un problema en Cscms V4.1.8. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede modificar la configuración básica de un sitio web mediante upload/admin.php/setting/save. • https://github.com/chshcms/cscms/issues/2 • CWE-352: Cross-Site Request Forgery (CSRF) •