本ページは nconsulting nc-cms に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-7721 | lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | [email protected] | 7.5 | 1.18% | 2019-02-10 | 2026-06-16 |
| CVE-2018-18874 | nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. | [email protected] | 9.8 | 2.06% | 2018-10-31 | 2026-06-16 |
| CVE-2018-18361 | An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element. | [email protected] | 6.1 | 0.80% | 2018-10-15 | 2026-06-16 |
| CVE-2018-18290 | An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality | [email protected] | 4.8 | 0.62% | 2018-10-14 | 2026-06-16 |