Jadacheng

#7660of 53,632
35.9Total CVSS
Vulnerabilities · 4
High
1
Critical
3
PT-2020-15092
7.2
2020-10-02
Pluxml · Pluxml · CVE-2020-18184
**Name of the Vulnerable Software and Affected Versions** PluxXml version 5.7 **Description** The theme edit function in PluxXml is affected by an issue that allows remote attackers to execute arbitrary PHP code. This can be achieved by placing the malicious code into a template, specifically through the /PluXml/core/admin/parametres edittpl.php endpoint. **Recommendations** For PluxXml version 5.7, as a temporary workaround, consider disabling the theme edit function until a patch is available. Restrict access to the /PluXml/core/admin/parametres edittpl.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-15093
9.8
2020-10-02
Pluxml · Pluxml · CVE-2020-18185
**Name of the Vulnerable Software and Affected Versions** PluXml version 5.7 **Description** The issue allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment, specifically through the class.plx.admin.php file. **Recommendations** For PluXml version 5.7, update the class.plx.admin.php file to prevent modification of the configuration file, or restrict access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-15096
9.1
2020-10-02
Getsimple · Getsimple Cms · CVE-2020-18191
**Name of the Vulnerable Software and Affected Versions** GetSimpleCMS version 3.3.15 **Description** The issue allows remote attackers to delete arbitrary files. This is achieved through a directory traversal attack. The "/admin/log.php" API endpoint is involved in the exploitation. **Recommendations** For GetSimpleCMS version 3.3.15, consider restricting access to the "/admin/log.php" endpoint until a patch is available. As a temporary workaround, avoid using the log.php file in the admin directory to minimize the risk of exploitation.
PT-2019-18722
9.8
2019-02-11
Taocms · Taocms · CVE-2019-7720
**Name of the Vulnerable Software and Affected Versions** taocms versions prior to 2014-05-24 **Description** The issue allows for eval injection by placing PHP code in the `db name` parameter of install.php and then making a request to config.php. **Recommendations** For versions prior to 2014-05-24, avoid using the `db name` parameter in the install.php file until a fix is available. As a temporary workaround, consider restricting access to the install.php and config.php files to minimize the risk of exploitation.