Every CVE whose affected-product data names Chshcms Mccms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-26781 — CVSS 9.8 (critical): SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.
CVE-2025-50234 — CVSS 6.5 (medium): MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter…
CVE-2023-26782 — CVSS 6.5 (medium): An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System…
CVE-2023-3235 — CVSS 6.3 (medium): A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file…
CVE-2025-5327 — CVSS 6.3 (medium): A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file…
CVE-2023-3236 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file…
CVE-2023-5029 — CVSS 5.5 (medium): A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/cop…
CVE-2025-51651 — CVSS 5.5 (medium): An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download…
CVE-2025-51818 — CVSS 5.4 (medium): MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands
CVE-2025-5328 — CVSS 5.4 (medium): A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of…