Imcat
Products
1-14 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20392 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 23, 2021 | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. |
| CVE-2019-14968 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 12, 2019 | An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. |
| CVE-2018-20605 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 30, 2018 | imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. |
| CVE-2021-36444 | | Hig | 0.57 | 8.8 | 0.01 | | Feb 3, 2023 | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. |
| CVE-2021-36443 | | Hig | 0.57 | 8.8 | 0.01 | | Feb 3, 2023 | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. |
| CVE-2020-22120 | | Hig | 0.57 | 8.8 | 0.02 | | Aug 18, 2021 | A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. |
| CVE-2018-20608 | | Hig | 0.50 | 7.5 | 0.12 | | Dec 30, 2018 | imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. |
| CVE-2018-20606 | | Hig | 0.49 | 7.5 | 0.03 | | Dec 30, 2018 | imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. |
| CVE-2020-23520 | | Hig | 0.47 | 7.2 | 0.02 | | Dec 9, 2020 | imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. |
| CVE-2018-20611 | | Med | 0.40 | 6.1 | 0.01 | | Dec 30, 2018 | imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. |
| CVE-2019-8436 | | Med | 0.35 | 5.4 | 0.01 | | Feb 18, 2019 | imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. |
| CVE-2018-20609 | | Med | 0.35 | 5.3 | 0.03 | | Dec 30, 2018 | imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. |
| CVE-2018-20607 | | Med | 0.35 | 5.3 | 0.03 | | Dec 30, 2018 | imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. |
| CVE-2018-20610 | | Med | 0.32 | 4.9 | 0.02 | | Dec 30, 2018 | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. |