📦 Mccms

CVE-2023-26781 is a critical SQL injection vulnerability in mccms 2.6 that allows remote attackers to execute arbitrary SQL commands through the Author Center's Reader Comments Search feature. This af...

MCCMS v2.6.3 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to trick authenticated users into performing unintended actions on the CMS. This affects all users running the vulne...

MCCMS v2.7.0 has a server-side request forgery (SSRF) vulnerability that allows attackers to make the application send requests to internal systems and read local files. This can lead to sensitive dat...

An authenticated arbitrary file download vulnerability in Mccms v2.7.0 allows attackers with admin access to download any file from the server via a crafted GET request to /admin/Backups.php. This aff...

This critical SSRF vulnerability in chshcms mccms 2.7 allows attackers to manipulate the 'pic' parameter to make the server send unauthorized requests to internal or external systems. It affects all i...