CVE Tools

chshcms

Web & CMS Pluginsunknown

37

Cumulative CVEs

4

Monthly snapshots

#36

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting chshcms.

CVE-2025-51818MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands5.4Aug 21, 2025
CVE-2025-50234MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_...6.5Aug 6, 2025
CVE-2025-51651An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.5.5Jul 14, 2025
CVE-2025-5328chshcms mccms Backups.php restore_del path traversal5.4May 29, 2025
CVE-2025-5327chshcms mccms Gf.php index server-side request forgery6.3May 29, 2025
CVE-2023-5029mccms 1 sql injection5.5Sep 17, 2023
CVE-2023-3236mccms Comic.php pic_save server-side request forgery6.3Jun 14, 2023
CVE-2023-3235mccms Comic.php pic_api server-side request forgery6.3Jun 14, 2023
CVE-2023-29815mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).8.8Apr 28, 2023
CVE-2023-26782An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.6.5Apr 28, 2023
CVE-2023-26781SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.9.8Apr 28, 2023
CVE-2022-30898A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.6.5Jun 9, 2022
CVE-2022-29689CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.7.2May 26, 2022
CVE-2022-29688CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.7.2May 26, 2022
CVE-2022-29687CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.7.2May 26, 2022