Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms project vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-17036
An issue exists in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Ucms Project Ucms 1.4.6
Ucms Project Ucms 1.6
6.5
CVSSv2
CVE-2018-20599
UCMS 1.4.7 allows remote malicious users to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
4.3
CVSSv2
CVE-2018-17320
An issue exists in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
Ucms Project Ucms 1.4.6
5
CVSSv2
CVE-2020-24981
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.
Ucms Project Ucms 1.4.8
7.5
CVSSv2
CVE-2018-17035
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.
Ucms Project Ucms 1.4.6
6.5
CVSSv2
CVE-2018-17037
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.
Ucms Project Ucms 1.4.6
NA
CVE-2022-38527
UCMS v1.6.0 exists to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
Ucms Project Ucms 1.6
NA
CVE-2023-2294
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the att...
Ucms Project Ucms 1.6
NA
CVE-2022-35426
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
Ucms Project Ucms 1.6
NA
CVE-2022-38297
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
Ucms Project Ucms 1.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »