CVE-2025-4795
- EPSS 0.06%
- Veröffentlicht 16.05.2025 18:31:04
- Zuletzt bearbeitet 10.11.2025 14:42:38
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible t...
CVE-2019-9572
- EPSS 0.94%
- Veröffentlicht 05.03.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:52
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the Z...
CVE-2019-9181
- EPSS 0.94%
- Veröffentlicht 26.02.2019 07:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:09
SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution ...
CVE-2019-8334
- EPSS 0.24%
- Veröffentlicht 13.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:49:42
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS].
CVE-2019-8335
- EPSS 0.24%
- Veröffentlicht 13.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:49:42
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS].