Every CVE whose affected-product data names Nconsulting Nc-cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2018-18874 — CVSS 9.8 (critical): nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php…
CVE-2019-7721 — CVSS 7.5 (high): lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.
CVE-2018-18361 — CVSS 6.1 (medium): An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a…
CVE-2018-18290 — CVSS 4.8 (medium): An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor…