CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

74cms: Security Vulnerabilities

CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

CVSS Score

8.8

EPSS Score

0.026

Published

2019-04-20

CVE-2019-10684

Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter.

CVSS Score

9.8

EPSS Score

0.008

Published

2019-04-01

CVE-2018-20519

An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.

CVSS Score

8.1

EPSS Score

0.002

Published

2018-12-27

CVE-2018-20454

An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.

CVSS Score

6.1

EPSS Score

0.002

Published

2018-12-25

Page 4

Vulnerabilities

Vulnerable Software

74cms: Security Vulnerabilities

Products

Pricing

Contact Us