chshcms/cscms

GitHub

github.com

www.chshcms.com

Releases0

Stars21

基于CI框架开发的一套多元化产品

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-30898 ↗	Jun 9, 2022Thursday, 9 June 2022, 19:15	6.5 MEDIUM	4.3 MEDIUM
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.
CVE-2022-29687 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.
CVE-2022-29689 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.
CVE-2022-29688 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.
CVE-2022-29682 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.
CVE-2022-29681 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del.
CVE-2022-29686 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.
CVE-2022-29685 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	8.8 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort.
CVE-2022-29684 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.
CVE-2022-29683 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del.
CVE-2022-29680 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.
CVE-2022-29676 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.
CVE-2022-29670 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.
CVE-2022-29669 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	8.8 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan.
CVE-2022-29660 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	9.8 CRITICAL	7.5 HIGH
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.
CVE-2022-29661 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.
CVE-2022-29662 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.
CVE-2022-29663 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.
CVE-2022-29664 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	8.8 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save.
CVE-2022-29665 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.
CVE-2022-29666 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	7.2 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.
CVE-2022-29667 ↗	May 26, 2022Thursday, 26 May 2022, 14:15	8.8 HIGH	6.5 MEDIUM
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos.
CVE-2022-28552 ↗	May 4, 2022Wednesday, 4 May 2022, 15:15	8.8 HIGH	6.5 MEDIUM
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.
CVE-2022-27366 ↗	Apr 15, 2022Friday, 15 April 2022, 18:15	7.2 HIGH	6.5 MEDIUM
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
CVE-2022-27368 ↗	Apr 15, 2022Friday, 15 April 2022, 18:15	7.2 HIGH	6.5 MEDIUM
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
CVE-2022-27367 ↗	Apr 15, 2022Friday, 15 April 2022, 18:15	7.2 HIGH	6.5 MEDIUM
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.
CVE-2022-27369 ↗	Apr 15, 2022Friday, 15 April 2022, 18:15	7.2 HIGH	6.5 MEDIUM
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.
CVE-2022-27365 ↗	Apr 15, 2022Friday, 15 April 2022, 18:15	7.2 HIGH	6.5 MEDIUM
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.
CVE-2020-28103 ↗	Jan 11, 2022Tuesday, 11 January 2022, 16:15	9.8 CRITICAL	7.5 HIGH
cscms v4.1 allows for SQL injection via the "page_del" function.
CVE-2020-28102 ↗	Jan 11, 2022Tuesday, 11 January 2022, 16:15	9.8 CRITICAL	7.5 HIGH
cscms v4.1 allows for SQL injection via the "js_del" function.
CVE-2020-21238 ↗	Dec 27, 2021Monday, 27 December 2021, 23:15	9.8 CRITICAL	5 MEDIUM
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
CVE-2020-22848 ↗	Aug 30, 2021Monday, 30 August 2021, 23:15	9.8 CRITICAL	7.5 HIGH
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
CVE-2019-9598 ↗	Mar 7, 2019Thursday, 7 March 2019, 23:29	—	4.3 MEDIUM
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
CVE-2019-6779 ↗	Jan 24, 2019Thursday, 24 January 2019, 19:29	—	5.8 MEDIUM
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
CVE-2018-16448 ↗	Sep 4, 2018Tuesday, 4 September 2018, 04:29	—	6.8 MEDIUM
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
CVE-2018-16337 ↗	Sep 2, 2018Sunday, 2 September 2018, 18:29	—	4.3 MEDIUM
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.