Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-16804
An issue exists in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
Ucms Project Ucms 1.4.6
3.5
CVSSv2
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
6.8
CVSSv2
CVE-2018-20598
UCMS 1.4.7 has ?do=user_addpost CSRF.
Ucms Project Ucms 1.4.7
3.5
CVSSv2
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
Ucms Project Ucms 1.4.7
4.3
CVSSv2
CVE-2018-17320
An issue exists in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
Ucms Project Ucms 1.4.6
7.5
CVSSv2
CVE-2018-17035
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.
Ucms Project Ucms 1.4.6
6.5
CVSSv2
CVE-2022-28440
An arbitrary file upload vulnerability in UCMS v1.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Ucms Project Ucms 1.6
6.4
CVSSv2
CVE-2022-28443
UCMS v1.6 exists to contain an arbitrary file deletion vulnerability.
Ucms Project Ucms 1.6
5
CVSSv2
CVE-2022-28444
UCMS v1.6 exists to contain an arbitrary file read vulnerability.
Ucms Project Ucms 1.6
6.5
CVSSv2
CVE-2018-20599
UCMS 1.4.7 allows remote malicious users to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »