An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2017-07-24 | Updated: 2017-07-28
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2017-07-24 | Updated: 2019-10-03
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php.
Max CVSS: 7.5 | EPSS Score: 0.59% | Published: 2017-07-24 | Updated: 2017-07-31
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-07-24 | Updated: 2017-07-28
4 vulnerabilities found