A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.5 | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 2.1 | 1.4 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |
CLTPHP <=6.0 is vulnerable to Directory Traversal.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |
CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |
CLTPHP <=6.0 is vulnerable to Improper Input Validation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |
CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cltphp | cltphp | * |