Jack-Black-13

2 exploits Active since Dec 2024

CVE-2024-12503 WRITEUP LOW WRITEUP

Classcms - Code Injection

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 2.4

View Code

CVE-2024-12666 WRITEUP MEDIUM WRITEUP

ClassCMS <4.8 - Privilege Escalation

A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 4.7

View Code