Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-17036
An issue exists in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Ucms Project Ucms 1.4.6
Ucms Project Ucms 1.6
3.5
CVSSv2
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
6.8
CVSSv2
CVE-2018-20598
UCMS 1.4.7 has ?do=user_addpost CSRF.
Ucms Project Ucms 1.4.7
6.5
CVSSv2
CVE-2018-20599
UCMS 1.4.7 allows remote malicious users to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
4.3
CVSSv2
CVE-2018-20600
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
Ucms Project Ucms 1.4.7
3.5
CVSSv2
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
Ucms Project Ucms 1.4.7
6.4
CVSSv2
CVE-2022-28443
UCMS v1.6 exists to contain an arbitrary file deletion vulnerability.
Ucms Project Ucms 1.6
NA
CVE-2022-42234
There is a file inclusion vulnerability in the template management module in UCMS 1.6
Ucms Project Ucms 1.6
4.3
CVSSv2
CVE-2018-17034
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter.
Ucms Project Ucms 1.4.6
6.5
CVSSv2
CVE-2018-17037
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.
Ucms Project Ucms 1.4.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »