Every CVE whose affected-product data names Luocms Project Luocms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2022-24609 — CVSS 9.8 (critical): Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write…
CVE-2022-24600 — CVSS 9.8 (critical): Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection…
CVE-2022-24601 — CVSS 7.5 (high): Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL…
CVE-2022-24608 — CVSS 6.1 (medium): Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.