CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31613
https://notcve.org/view.php?id=CVE-2024-31613
10 Jun 2024 — BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code." • https://github.com/ss122-0ss/BOSSCMS/blob/main/bosscms%20csrf.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22938
https://notcve.org/view.php?id=CVE-2024-22938
30 Jan 2024 — Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. La vulnerabilidad de permisos inseguros en BossCMS v.1.3.0 permite a un atacante local ejecutar código arbitrario y escalar privilegios a través de la función init en el componente admin.class.php. • https://github.com/n0Sleeper/bosscmsVuln • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44937
https://notcve.org/view.php?id=CVE-2022-44937
28 Nov 2022 — Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. Se descubrió que Bosscms v2.0.0 contenía Cross-Site Request Forgery (CSRF) a través de la función Agregar en el módulo Lista de Administradores. • https://github.com/5497lvren/Zhenhao/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28606
https://notcve.org/view.php?id=CVE-2022-28606
05 May 2022 — An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. Se presenta una vulnerabilidad de carga arbitraria de archivos en Wenzhou Huoyin Information Technology Co. BossCMS versión 1.0, que puede ser explotada por un atacante para conseguir el control del servidor • https://www.bosscms.net • CWE-434: Unrestricted Upload of File with Dangerous Type •