MKCMS
by MKCMS
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-22820 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2022 | MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. | ||
| CVE-2020-22819 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2022 | MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | ||
| CVE-2020-22818 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2022 | MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | ||
| CVE-2019-10707 | Cri | 0.64 | 9.8 | 0.01 | Apr 2, 2019 | MKCMS V5.0 has SQL injection via the bplay.php play parameter. | ||
| CVE-2019-11332 | Hig | 0.57 | 8.8 | 0.02 | Apr 18, 2019 | MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456. | ||
| CVE-2019-11078 | Hig | 0.57 | 8.8 | 0.01 | Apr 11, 2019 | MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. |
- risk 0.64cvss 9.8epss 0.01
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
- risk 0.64cvss 9.8epss 0.01
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
- risk 0.64cvss 9.8epss 0.01
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
- risk 0.64cvss 9.8epss 0.01
MKCMS V5.0 has SQL injection via the bplay.php play parameter.
- risk 0.57cvss 8.8epss 0.02
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
- risk 0.57cvss 8.8epss 0.01
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.