Vulnerabilities > Txjia > Imcat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-24 | CVE-2021-35369 | Unspecified vulnerability in Txjia Imcat 5.2/5.3 Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function. | 6.5 |
| 2023-02-24 | CVE-2021-35370 | Unspecified vulnerability in Txjia Imcat 5.4 An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. | 9.8 |
| 2023-02-03 | CVE-2021-36443 | Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4 Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | 8.8 |
| 2023-02-03 | CVE-2021-36444 | Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4 Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | 8.8 |
| 2021-08-18 | CVE-2020-22120 | Code Injection vulnerability in Txjia Imcat 5.1 A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | 8.8 |
| 2021-06-23 | CVE-2020-20392 | SQL Injection vulnerability in Txjia Imcat 5.2 SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | 7.5 |
| 2020-12-09 | CVE-2020-23520 | Unrestricted Upload of File with Dangerous Type vulnerability in Txjia Imcat 5.2 imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | 6.5 |
| 2019-08-12 | CVE-2019-14968 | SQL Injection vulnerability in Txjia Imcat 4.9 An issue was discovered in imcat 4.9. | 7.5 |
| 2019-02-18 | CVE-2019-8436 | Cross-site Scripting vulnerability in Txjia Imcat 4.5 imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | 3.5 |
| 2018-12-30 | CVE-2018-20611 | Cross-site Scripting vulnerability in Txjia Imcat 4.4 imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | 4.3 |