Product
74cms 74cmsse
36 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-4329
CVE-2024-46089
CVE-2024-2561
CVE-2022-42154
CVE-2022-41472
CVE-2022-41471
CVE-2022-33097
CVE-2022-33096
CVE-2022-33095
CVE-2022-33094
CVE-2022-33093
CVE-2022-33092
CVE-2022-32131
CVE-2022-32130
CVE-2022-32129
CVE-2022-32128
CVE-2022-32127
CVE-2022-32126
CVE-2022-32125
CVE-2022-32124
CVE-2022-29721
CVE-2022-29720
CVE-2022-26271
CVE-2020-22421
CVE-2020-22212
CVE-2020-22211
CVE-2020-22210
CVE-2020-22209
CVE-2020-22208
CVE-2020-35339
CVE-2020-29279
CVE-2019-17612
CVE-2019-11374
CVE-2019-10684
CVE-2018-20519
CVE-2018-20454
<= 3.33.0
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of
< 3.33.0
74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
all versions
A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendComp
all versions
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arb
all versions
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This
all versions
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the S
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index.
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list.
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index.
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show.
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/t
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safet
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/incre
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_brows
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
all versions
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/
all versions
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
all versions
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
all versions
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download
all versions
74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key.
all versions
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.
all versions
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
all versions
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
all versions
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
all versions
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
all versions
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php
< 6.0.48
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS befor
all versions
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendCo
all versions
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
all versions
Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via
all versions
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a
all versions
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.