Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-20598
UCMS 1.4.7 has ?do=user_addpost CSRF.
Ucms Project Ucms 1.4.7
6.1
CVSSv3
CVE-2018-20600
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
Ucms Project Ucms 1.4.7
4.8
CVSSv3
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
Ucms Project Ucms 1.4.7
9.8
CVSSv3
CVE-2022-35426
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
Ucms Project Ucms 1.6
6.1
CVSSv3
CVE-2022-38527
UCMS v1.6.0 exists to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
Ucms Project Ucms 1.6
9.8
CVSSv3
CVE-2018-17035
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.
Ucms Project Ucms 1.4.6
6.1
CVSSv3
CVE-2023-2294
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the att...
Ucms Project Ucms 1.6
5.3
CVSSv3
CVE-2021-25809
UCMS 1.5.0 exists to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
Ucms Project Ucms 1.5.0
6.1
CVSSv3
CVE-2023-5015
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The explo...
Ucms Project Ucms 1.4.7
9.8
CVSSv3
CVE-2022-38297
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
Ucms Project Ucms 1.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »