Laobancms: >> Laobancms >> 2.0 Security Vulnerabilities
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
CVSS Score
7.5
EPSS Score
0.01
Published
2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-12
Page 2