Cumtyuanfeng/Laobancms

Releases0

Laobancms

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-18166 ↗	May 14, 2021Friday, 14 May 2021, 14:15	9.8 CRITICAL	7.5 HIGH
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
CVE-2020-18167 ↗	May 14, 2021Friday, 14 May 2021, 14:15	4.8 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
CVE-2020-18165 ↗	May 12, 2021Wednesday, 12 May 2021, 18:15	4.8 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".