MidnightBSD

Advisories for tp5cms_project

CVE-2018-15566 MEDIUM

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp5cms_project tp5cms *
CVE-2018-15568 MEDIUM

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp5cms_project tp5cms *
CVE-2018-19692 HIGH

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
tp5cms_project tp5cms *
CVE-2018-19693 MEDIUM

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp5cms_project tp5cms *
CVE-2021-31280

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.

Products Affected

Vendor Product Version
tp5cms_project tp5cms *