Vulnerabilities > CVE-2018-19437 - Unspecified vulnerability in Ucms Project Ucms 1.4.7

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ucms-project

NVD

Published: 2018-11-22

Updated: 2019-10-03

Summary

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.

Vulnerable Configurations

Part	Description	Count
Application	Ucms_Project Ucms Project Ucms 1.4.7	1

References

https://github.com/wwwws1234/ucms/blob/master/Vertical%20crossing%20power.md