Known Vulnerabilities for 74cms by 74cms

Listed below are 10 of the newest known vulnerabilities associated with the software "74cms" by "74cms".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2020-35339 In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.clas... 9.8 - CRITICAL 2021-02-17 2021-07-21
CVE-2020-29279 PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS ... 9.8 - CRITICAL 2020-12-02 2020-12-04
CVE-2020-22212 SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. 9.8 - CRITICAL 2021-06-16 2021-06-21
CVE-2020-22211 SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. 9.8 - CRITICAL 2021-06-16 2021-06-21
CVE-2020-22210 SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. 9.8 - CRITICAL 2021-06-16 2021-06-21
CVE-2020-22209 SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. 9.8 - CRITICAL 2021-06-16 2021-06-21
CVE-2020-22208 SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. 9.8 - CRITICAL 2021-06-16 2021-06-21
CVE-2019-17612 An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/Back... 7.2 - HIGH 2019-10-15 2019-10-17
CVE-2019-11374 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. 8.8 - HIGH 2019-04-20 2019-04-26
CVE-2019-10684 Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code... 9.8 - CRITICAL 2019-04-01 2019-04-03

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application74cms74cms6.0.48AllAllAll
Application74cms74cms6.0.4AllAllAll
Application74cms74cms6.0.38AllAllAll
Application74cms74cms6.0.37AllAllAll
Application74cms74cms6.0.36AllAllAll
Application74cms74cms6.0.35AllAllAll
Application74cms74cms6.0.34AllAllAll
Application74cms74cms6.0.20AllAllAll
Application74cms74cms6.0.2AllAllAll
Application74cms74cms6.0.13AllAllAll
Application74cms74cms6.0.1AllAllAll
Application74cms74cms5.2.8AllAllAll
Application74cms74cms5.2.7AllAllAll
Application74cms74cms5.2.6AllAllAll
Application74cms74cms5.2.5AllAllAll
Application74cms74cms5.2.4AllAllAll
Application74cms74cms5.2.3AllAllAll
Application74cms74cms5.2.2AllAllAll
Application74cms74cms5.2.1AllAllAll
Application74cms74cms5.2.0AllAllAll

Popular searches for 74cms

骑士人才系统 - PHP人才招聘系统程序网站源码 - 云人才招聘网站源码

www.74cms.com

- PHP - MSPHP MYSQL,,,

PHP Android (operating system) Customer relationship management IPad V6 engine Copyright Version 6 Unix Windows 10 .com 0 V6 (band) UEFA Euro 2020 2020 United States presidential election IOS 2020 NHL Entry Draft 2020 Summer Olympics Reserved Alfa Romeo V6 engine 2020 NFL Draft All Right

© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report