jsjbcyber/bug_report

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-24609 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	10 HIGH
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.
CVE-2022-24608 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	6.1 MEDIUM	4.3 MEDIUM
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.
CVE-2022-24605 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.
CVE-2022-24607 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.
CVE-2022-24606 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.
CVE-2022-24602 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.
CVE-2022-24603 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.
CVE-2022-24604 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.
CVE-2022-24600 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	9.8 CRITICAL	7.5 HIGH
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.
CVE-2022-24601 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:46	7.5 HIGH	5 MEDIUM
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.
CVE-2021-46093 ↗	Feb 1, 2022Tuesday, 1 February 2022, 19:15	9.8 CRITICAL	7.5 HIGH
eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.
CVE-2022-24222 ↗	Feb 1, 2022Tuesday, 1 February 2022, 19:15	9.8 CRITICAL	7.5 HIGH
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
CVE-2022-24221 ↗	Feb 1, 2022Tuesday, 1 February 2022, 19:15	9.8 CRITICAL	7.5 HIGH
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
CVE-2022-24220 ↗	Feb 1, 2022Tuesday, 1 February 2022, 19:15	9.8 CRITICAL	7.5 HIGH
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
CVE-2022-24219 ↗	Feb 1, 2022Tuesday, 1 February 2022, 19:15	9.8 CRITICAL	7.5 HIGH
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
CVE-2022-24218 ↗	Feb 1, 2022Tuesday, 1 February 2022, 19:15	9.1 CRITICAL	6.4 MEDIUM
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.