Aggregates CVE and security vulnerability intelligence across all cltphp-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting, vendor risk path handling, and vendor risk input validation, with potential vendor impact file overwrite across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-30268 | CLTPHP <=6.0 is vulnerable to Improper Input Validation. | [email protected] | 9.8 | 0.60% | 2023-05-04 | 2025-01-29 |
| CVE-2023-30264 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | [email protected] | 9.8 | 0.43% | 2023-05-04 | 2025-01-29 |
| CVE-2023-30269 | CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | [email protected] | 8.1 | 0.31% | 2023-04-26 | 2025-02-03 |
| CVE-2023-30267 | CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | [email protected] | 6.1 | 0.23% | 2023-04-26 | 2025-02-03 |
| CVE-2023-30266 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. | [email protected] | 8.8 | 0.43% | 2023-04-26 | 2025-02-03 |
| CVE-2023-30265 | CLTPHP <=6.0 is vulnerable to Directory Traversal. | [email protected] | 6.5 | 0.62% | 2023-04-26 | 2025-02-03 |
| CVE-2022-1085 | A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 3.5 | 0.18% | 2022-03-29 | 2024-11-21 |