📦 Luocms

Luocms v2.0 has an incorrect access control vulnerability that allows attackers to write arbitrary shell files via /admin/templates/template_manage.php. This enables remote code execution on affected ...

CVE-2022-24606 is a SQL injection vulnerability in Luocms v2.0 that allows attackers to execute arbitrary SQL commands through the /admin/news/sort_ok.php endpoint. This affects all Luocms v2.0 instal...

CVE-2022-24602 is a SQL injection vulnerability in Luocms v2.0's news_mod.php admin endpoint that allows attackers to execute arbitrary SQL commands. This affects all Luocms v2.0 installations with th...

CVE-2022-24604 is a SQL injection vulnerability in Luocms v2.0 that allows attackers to execute arbitrary SQL commands via the /admin/link/link_mod.php endpoint. This affects all organizations running...

CVE-2022-24600 is a critical SQL injection vulnerability in Luocms v2.0's admin login page that allows attackers to bypass authentication and gain administrative access. This affects all organizations...