Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ucms project vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-17036
An issue exists in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Ucms Project Ucms 1.4.6
Ucms Project Ucms 1.6
578
VMScore
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
Ucms Project Ucms 1.4.7
NA
CVE-2023-1303
A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initi...
Ucms Project Ucms 1.6
445
VMScore
CVE-2021-25809
UCMS 1.5.0 exists to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
Ucms Project Ucms 1.5.0
NA
CVE-2023-5015
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The explo...
Ucms Project Ucms 1.4.7
580
VMScore
CVE-2022-28440
An arbitrary file upload vulnerability in UCMS v1.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Ucms Project Ucms 1.6
571
VMScore
CVE-2022-28443
UCMS v1.6 exists to contain an arbitrary file deletion vulnerability.
Ucms Project Ucms 1.6
446
VMScore
CVE-2022-28444
UCMS v1.6 exists to contain an arbitrary file read vulnerability.
Ucms Project Ucms 1.6
383
VMScore
CVE-2018-17320
An issue exists in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
Ucms Project Ucms 1.4.6
312
VMScore
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Ucms Project Ucms 1.4.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »