VYPR

imcat

by Imcat

CVEs (14)

  • CVE-2020-20392 · Critical · Jun 23, 2021
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

  • CVE-2019-14968 · Critical · Aug 12, 2019
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

  • CVE-2018-20605 · Critical · Dec 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.

  • CVE-2021-36444 · High · Feb 3, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page.

  • CVE-2021-36443 · High · Feb 3, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.

  • CVE-2020-22120 · High · Aug 18, 2021
    risk 0.57 · cvss 8.8 · epss 0.02

    A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

  • CVE-2018-20608 · High · Dec 30, 2018
    risk 0.50 · cvss 7.5 · epss 0.12

    imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.

  • CVE-2018-20606 · High · Dec 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.

  • CVE-2020-23520 · High · Dec 9, 2020
    risk 0.47 · cvss 7.2 · epss 0.02

    imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.

  • CVE-2018-20611 · Medium · Dec 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    imcat 4.4 allows XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.

  • CVE-2019-8436 · Medium · Feb 18, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

  • CVE-2018-20609 · Medium · Dec 30, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.

  • CVE-2018-20607 · Medium · Dec 30, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.

  • CVE-2018-20610 · Medium · Dec 30, 2018
    risk 0.32 · cvss 4.9 · epss 0.02

    imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.