Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xiaocheng-keji | 71cms | 1.0 |
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xiaocheng-keji | 71cms | 1.0 |