happy_source

5 exploits Active since Apr 2022
CVE-2022-29624 GITEE HIGH php
TPCMS v3.2 - Arbitrary File Upload via Add File Function
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
127 stars
CVSS 8.8
CVE-2022-27442 GITEE HIGH php
TPCMS v3.2 - Sensitive Information Exposure via ThinkPHP Log Directory
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
127 stars
CVSS 7.5
CVE-2022-27441 GITEE MEDIUM php
TPCMS v3.2 - Stored Cross-Site Scripting via Phone Text Box
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.
127 stars
CVSS 4.8
CVE-2021-36545 GITEE MEDIUM php
tpcms 3.2 - Stored Cross-Site Scripting via Site Configuration Fields
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
127 stars
CVSS 5.4
CVE-2021-36544 GITEE HIGH php
tpcms 3.2 - Incorrect Access Control and Sensitive Information Exposure via Application URL
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
127 stars
CVSS 7.5