luocms_project luocms CVE Vulnerabilities (10)

CVEs: 10 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting luocms_project luocms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2022-24609	Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.	[email protected]	9.8	0.32%	2022-03-10	2024-11-21
CVE-2022-24608	Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.	[email protected]	6.1	0.23%	2022-03-10	2024-11-21
CVE-2022-24607	Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21
CVE-2022-24606	Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21
CVE-2022-24605	Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21
CVE-2022-24604	Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21
CVE-2022-24603	Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21
CVE-2022-24602	Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21
CVE-2022-24601	Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.	[email protected]	7.5	0.31%	2022-03-10	2024-11-21
CVE-2022-24600	Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.	[email protected]	9.8	0.25%	2022-03-10	2024-11-21

cvelogic Threat Intelligence