Imcat
by Peacexie
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-35370 | Cri | 0.64 | 9.8 | 0.01 | Feb 24, 2023 | An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. | ||
| CVE-2018-20605 | Cri | 0.64 | 9.8 | 0.02 | Dec 30, 2018 | imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | ||
| CVE-2018-20608 | Hig | 0.50 | 7.5 | 0.12 | Dec 30, 2018 | imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | ||
| CVE-2018-20606 | Hig | 0.49 | 7.5 | 0.03 | Dec 30, 2018 | imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | ||
| CVE-2020-23520 | Hig | 0.47 | 7.2 | 0.02 | Dec 9, 2020 | imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | ||
| CVE-2021-35369 | Med | 0.42 | 6.5 | 0.01 | Feb 24, 2023 | Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function. | ||
| CVE-2018-20611 | Med | 0.40 | 6.1 | 0.01 | Dec 30, 2018 | imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | ||
| CVE-2019-8436 | Med | 0.35 | 5.4 | 0.01 | Feb 18, 2019 | imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | ||
| CVE-2018-20609 | Med | 0.35 | 5.3 | 0.03 | Dec 30, 2018 | imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | ||
| CVE-2018-20607 | Med | 0.35 | 5.3 | 0.03 | Dec 30, 2018 | imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | ||
| CVE-2018-20610 | Med | 0.32 | 4.9 | 0.02 | Dec 30, 2018 | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. |
- risk 0.64cvss 9.8epss 0.01
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
- risk 0.64cvss 9.8epss 0.02
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
- risk 0.50cvss 7.5epss 0.12
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
- risk 0.49cvss 7.5epss 0.03
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
- risk 0.47cvss 7.2epss 0.02
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
- risk 0.42cvss 6.5epss 0.01
Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.
- risk 0.40cvss 6.1epss 0.01
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.
- risk 0.35cvss 5.4epss 0.01
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
- risk 0.35cvss 5.3epss 0.03
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
- risk 0.35cvss 5.3epss 0.03
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
- risk 0.32cvss 4.9epss 0.02
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.