VYPR
Vendor

MKCMS

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2020-22820CriNov 3, 2022
    risk 0.64cvss 9.8epss 0.01

    MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.

  • CVE-2020-22819CriNov 3, 2022
    risk 0.64cvss 9.8epss 0.01

    MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.

  • CVE-2020-22818CriNov 3, 2022
    risk 0.64cvss 9.8epss 0.01

    MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

  • CVE-2019-10707CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.01

    MKCMS V5.0 has SQL injection via the bplay.php play parameter.

  • CVE-2019-11332HigApr 18, 2019
    risk 0.57cvss 8.8epss 0.02

    MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.

  • CVE-2019-11078HigApr 11, 2019
    risk 0.57cvss 8.8epss 0.01

    MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.