cvebase

Ilch CMS vulnerabilities

7 known vulnerabilities affecting ilch/ilch_cms.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6

Vulnerabilities

CVE-2019-17046 | P3 | HIGH | CVSS 7.2 | v2.1.22 | 2019-09-30
CWE-434: Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.
nvd
CVE-2014-1944 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 2.0 | 2014-03-09
CWE-79: Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.
nvd
CVE-2019-20524 | P4 | MEDIUM | CVSS 6.1 | v2.1.23 | 2020-03-19
CWE-79: ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter.
nvd
CVE-2019-20523 | P4 | MEDIUM | CVSS 6.1 | v2.1.23 | 2020-03-19
CWE-79: ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter.
nvd
CVE-2019-20522 | P4 | MEDIUM | CVSS 6.1 | v2.1.23 | 2020-03-19
CWE-79: ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter.
nvd
CVE-2021-27352 | P4 | MEDIUM | CVSS 5.4 | v2.1.42 | 2021-03-29
CWE-601: An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.
nvd
CVE-2019-17045 | P4 | MEDIUM | CVSS 4.8 | v2.1.22 | 2019-09-30
CWE-79: Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab.
nvd