Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms project vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-17036
An issue exists in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Ucms Project Ucms 1.4.6
Ucms Project Ucms 1.6
6.5
CVSSv2
CVE-2022-28440
An arbitrary file upload vulnerability in UCMS v1.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Ucms Project Ucms 1.6
NA
CVE-2022-42234
There is a file inclusion vulnerability in the template management module in UCMS 1.6
Ucms Project Ucms 1.6
3.5
CVSSv2
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
6.8
CVSSv2
CVE-2018-20598
UCMS 1.4.7 has ?do=user_addpost CSRF.
Ucms Project Ucms 1.4.7
4.3
CVSSv2
CVE-2018-20600
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
Ucms Project Ucms 1.4.7
3.5
CVSSv2
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
Ucms Project Ucms 1.4.7
6.5
CVSSv2
CVE-2018-20599
UCMS 1.4.7 allows remote malicious users to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
6.5
CVSSv2
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
Ucms Project Ucms 1.4.7
3.5
CVSSv2
CVE-2020-20781
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
Ucms Project Ucms 1.4.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »