Vulnerabilities > Mkcms Project

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2020-22818 SQL Injection vulnerability in Mkcms Project Mkcms 6.2
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
network
low complexity
mkcms-project CWE-89
critical
9.8
2022-11-03 CVE-2020-22819 SQL Injection vulnerability in Mkcms Project Mkcms 6.2
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
network
low complexity
mkcms-project CWE-89
critical
9.8
2022-11-03 CVE-2020-22820 SQL Injection vulnerability in Mkcms Project Mkcms 6.2
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
network
low complexity
mkcms-project CWE-89
critical
9.8
2019-04-18 CVE-2019-11332 Unspecified vulnerability in Mkcms Project Mkcms 5.0
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
network
mkcms-project
6.8
2019-04-11 CVE-2019-11078 Cross-Site Request Forgery (CSRF) vulnerability in Mkcms Project Mkcms 5.0
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.
6.8
2019-04-02 CVE-2019-10707 SQL Injection vulnerability in Mkcms Project Mkcms 5.0
MKCMS V5.0 has SQL injection via the bplay.php play parameter.
network
low complexity
mkcms-project CWE-89
7.5