nucleuscms 漏洞與 CVE 列表(5)

產品(CPE): — CVE 數: 5

nucleuscms 漏洞概覽

彙總 nucleuscms 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 155 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2020-21474 File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. [email protected] 9.8 1.17% 2023-06-20 2026-06-16
CVE-2021-37770 Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. [email protected] 7.2 1.24% 2022-06-30 2026-06-17
CVE-2018-16636 Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. [email protected] 6.5 1.02% 2018-12-10 2026-06-16
CVE-2015-5454 Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. [email protected] 4.3 1.64% 2015-07-08 2026-06-16
CVE-2011-3760 Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files. [email protected] 5.0 1.35% 2011-09-23 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence