Known Vulnerabilities for products from 74cms
Listed below are 12 of the newest known vulnerabilities associated with the vendor "74cms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-35339 | In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.clas... | 9.8 - CRITICAL | 2021-02-17 | 2021-07-21 |
| CVE-2020-29279 | PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS ... | 9.8 - CRITICAL | 2020-12-02 | 2020-12-04 |
| CVE-2020-22212 | SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. | 9.8 - CRITICAL | 2021-06-16 | 2021-06-21 |
| CVE-2020-22211 | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. | 9.8 - CRITICAL | 2021-06-16 | 2021-06-21 |
| CVE-2020-22210 | SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. | 9.8 - CRITICAL | 2021-06-16 | 2021-06-21 |
| CVE-2020-22209 | SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. | 9.8 - CRITICAL | 2021-06-16 | 2021-06-21 |
| CVE-2020-22208 | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. | 9.8 - CRITICAL | 2021-06-16 | 2021-06-21 |
| CVE-2019-17612 | An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/Back... | 7.2 - HIGH | 2019-10-15 | 2019-10-17 |
| CVE-2019-11374 | 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. | 8.8 - HIGH | 2019-04-20 | 2019-04-26 |
| CVE-2019-10684 | Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code... | 9.8 - CRITICAL | 2019-04-01 | 2019-04-03 |
| CVE-2018-20519 | An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changi... | 8.1 - HIGH | 2018-12-27 | 2019-01-24 |
| CVE-2018-20454 | An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | 6.1 - MEDIUM | 2018-12-25 | 2019-01-10 |
Known software with vulnerabilities from 74cms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | 74cms | 74cms | 4.2.54 |
Popular searches for "74cms"
骑士人才系统 - PHP人才招聘系统程序网站源码 - 云人才招聘网站源码
www.74cms.com- PHP - MSPHP MYSQL,,,
PHP Android (operating system) Customer relationship management IPad V6 engine Copyright Version 6 Unix Windows 10 .com 0 V6 (band) UEFA Euro 2020 2020 United States presidential election IOS 2020 NHL Entry Draft 2020 Summer Olympics Reserved Alfa Romeo V6 engine 2020 NFL Draft All Righthttps://go.cms.gov/2qfLsDz
go.cms.gov/2qfLsDzwww.cms.gov/Research-Statistics-Data-and-Systems/Statistics-Trends-and-Reports/NationalHealthExpendData/Downloads/highlights.pdf www.cms.gov/Research-Statistics-Data-and-Systems/Statistics-Trends-and-Reports/NationalHealthExpendData/Downloads/highlights.pdf Go (game) Messapian language .gov Go! (airline)