MidnightBSD

Advisories for chshcms

CVE-2018-16337 MEDIUM

An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
chshcms cscms 4.1.8
CVE-2018-16448 MEDIUM

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
chshcms cscms 4.0
CVE-2018-16730 MEDIUM

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2018-16731 HIGH

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2018-16732 MEDIUM

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2018-17125 MEDIUM

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2018-17126 HIGH

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2019-6779 MEDIUM

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
chshcms cscms 4.1.8
CVE-2019-9598 MEDIUM

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2020-21238 MEDIUM

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
chshcms cscms 4.0
CVE-2020-22848 HIGH

A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2020-28102 HIGH

cscms v4.1 allows for SQL injection via the "js_del" function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2020-28103 HIGH

cscms v4.1 allows for SQL injection via the "page_del" function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2022-27090 MEDIUM

Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2022-27365 MEDIUM

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2022-27366 MEDIUM

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2022-27367 MEDIUM

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2022-27368 MEDIUM

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2022-27369 MEDIUM

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2022-28552 MEDIUM

Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms 4.1
CVE-2022-29660 HIGH

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29661 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29662 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29663 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29664 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29665 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29666 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29667 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29669 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29670 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29676 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29680 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29681 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29682 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29683 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29684 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29685 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29686 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29687 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29688 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-29689 MEDIUM

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms cscms_music_portal_system 4.2
CVE-2022-30898 MEDIUM

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
chshcms cscms 4.2
CVE-2023-26781

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.

Products Affected

Vendor Product Version
chshcms mccms 2.6
CVE-2023-26782

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.

Products Affected

Vendor Product Version
chshcms mccms 2.6.1
CVE-2023-29815

mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).

Products Affected

Vendor Product Version
chshcms mccms 2.6.3
CVE-2023-3235 MEDIUM

A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
chshcms mccms *
CVE-2023-3236 MEDIUM

A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
chshcms mccms *
CVE-2023-5029 MEDIUM

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
chshcms mccms 2.6
CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
chshcms mccms 2.7
CVE-2025-51651

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 2.1 3.4

Products Affected

Vendor Product Version
chshcms mccms 2.7
CVE-2025-51818

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
chshcms mccms 2.7
CVE-2025-5327 MEDIUM

A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
chshcms mccms 2.7
CVE-2025-5328 MEDIUM

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
chshcms mccms 2.7