RSS   Podatności dla 'Laobancms'   RSS

2021-05-14
 
CVE-2020-18166

CWE-434
 

 
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".

 
 
CVE-2020-18167

CWE-79
 

 
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".

 
2021-05-12
 
CVE-2020-18165

CWE-79
 

 
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".

 
2018-11-12
 
CVE-2018-19229

CWE-79
 

 
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.

 
 
CVE-2018-19228

CWE-22
 

 
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.

 
 
CVE-2018-19227

CWE-79
 

 
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.

 
 
CVE-2018-19226

CWE-200
 

 
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.

 
 
CVE-2018-19225

CWE-352
 

 
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.

 
 
CVE-2018-19224

CWE-20
 

 
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.

 
 
CVE-2018-19223

CWE-79
 

 
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.

 


Copyright 2024, cxsecurity.com

 

Back to Top