MidnightBSD

Advisories for cltphp

CVE-2022-1085 MEDIUM

A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 2.1 1.4
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
cltphp cltphp *
CVE-2023-30264

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.

Products Affected

Vendor Product Version
cltphp cltphp *
CVE-2023-30265

CLTPHP <=6.0 is vulnerable to Directory Traversal.

Products Affected

Vendor Product Version
cltphp cltphp *
CVE-2023-30266

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.

Products Affected

Vendor Product Version
cltphp cltphp *
CVE-2023-30267

CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.

Products Affected

Vendor Product Version
cltphp cltphp *
CVE-2023-30268

CLTPHP <=6.0 is vulnerable to Improper Input Validation.

Products Affected

Vendor Product Version
cltphp cltphp *
CVE-2023-30269

CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.

Products Affected

Vendor Product Version
cltphp cltphp *