VYPR

Ucms

by Ucms

Source repositories

CVEs (24)

  • CVE-2022-38297CriSep 12, 2022
    risk 0.64cvss 9.8epss 0.01

    UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

  • CVE-2022-35426CriAug 10, 2022
    risk 0.64cvss 9.8epss 0.01

    UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.

  • CVE-2020-25483CriOct 23, 2020
    risk 0.64cvss 9.8epss 0.09

    An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

  • CVE-2018-17036CriSep 14, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

  • CVE-2018-17035CriSep 14, 2018
    risk 0.64cvss 9.8epss 0.01

    UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

  • CVE-2022-28443CriApr 21, 2022
    risk 0.59cvss 9.1epss 0.01

    UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.

  • CVE-2022-42234HigOct 14, 2022
    risk 0.57cvss 8.8epss 0.01

    There is a file inclusion vulnerability in the template management module in UCMS 1.6

  • CVE-2022-28440HigApr 21, 2022
    risk 0.57cvss 8.8epss 0.02

    An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2019-12251HigMay 21, 2019
    risk 0.57cvss 8.8epss 0.01

    sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.

  • CVE-2018-20599HigDec 30, 2018
    risk 0.57cvss 8.8epss 0.02

    UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.

  • CVE-2018-20598HigDec 30, 2018
    risk 0.57cvss 8.8epss 0.01

    UCMS 1.4.7 has ?do=user_addpost CSRF.

  • CVE-2018-19437HigNov 22, 2018
    risk 0.57cvss 8.8epss 0.01

    UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.

  • CVE-2018-17037HigSep 14, 2018
    risk 0.57cvss 8.8epss 0.01

    user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.

  • CVE-2022-28444HigApr 21, 2022
    risk 0.49cvss 7.5epss 0.01

    UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.

  • CVE-2023-1303MedMar 9, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be…

  • CVE-2022-38527MedSep 19, 2022
    risk 0.40cvss 6.1epss 0.00

    UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.

  • CVE-2018-16804MedMar 7, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.

  • CVE-2018-20600MedDec 30, 2018
    risk 0.40cvss 6.1epss 0.01

    sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.

  • CVE-2018-17320MedSep 21, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.

  • CVE-2020-24981MedSep 4, 2020
    risk 0.35cvss 5.3epss 0.01

    An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.

Page 1 of 2