Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Laobancms Subscribe
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-18166 1 Laobancms 1 Laobancms 2021-05-21 7.5 HIGH 9.8 CRITICAL
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
CVE-2020-18167 1 Laobancms 1 Laobancms 2021-05-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
CVE-2020-18165 1 Laobancms 1 Laobancms 2021-05-18 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
CVE-2018-19224 1 Laobancms 1 Laobancms 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
CVE-2018-19328 1 Laobancms 1 Laobancms 2020-05-07 7.5 HIGH 9.8 CRITICAL
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVE-2018-19222 1 Laobancms 1 Laobancms 2019-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVE-2018-19226 1 Laobancms 1 Laobancms 2018-12-11 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
CVE-2018-19228 1 Laobancms 1 Laobancms 2018-12-11 6.4 MEDIUM 7.5 HIGH
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
CVE-2018-19220 1 Laobancms 1 Laobancms 2018-12-11 7.5 HIGH 9.8 CRITICAL
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
CVE-2018-19227 1 Laobancms 1 Laobancms 2018-12-11 3.5 LOW 5.4 MEDIUM
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
CVE-2018-19223 1 Laobancms 1 Laobancms 2018-12-11 3.5 LOW 4.8 MEDIUM
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
CVE-2018-19221 1 Laobancms 1 Laobancms 2018-12-11 7.5 HIGH 9.8 CRITICAL
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVE-2018-19225 1 Laobancms 1 Laobancms 2018-12-11 6.8 MEDIUM 8.8 HIGH
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
CVE-2018-19229 1 Laobancms 1 Laobancms 2018-12-11 3.5 LOW 5.4 MEDIUM
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.