Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-17036
An issue exists in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Ucms Project Ucms 1.4.6
Ucms Project Ucms 1.6
668
VMScore
CVE-2020-25483
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
Ucms Project Ucms 1.4.8
890
VMScore
CVE-2020-25537
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
Ucms Project Ucms 1.5.0
578
VMScore
CVE-2018-17037
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.
Ucms Project Ucms 1.4.6
312
VMScore
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
578
VMScore
CVE-2018-20599
UCMS 1.4.7 allows remote malicious users to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
383
VMScore
CVE-2018-20600
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
Ucms Project Ucms 1.4.7
445
VMScore
CVE-2021-25809
UCMS 1.5.0 exists to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
Ucms Project Ucms 1.5.0
578
VMScore
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
Ucms Project Ucms 1.4.7
312
VMScore
CVE-2020-20781
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
Ucms Project Ucms 1.4.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »