Vulnerabilities > Txjia > Imcat > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36443 Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
network
low complexity
txjia CWE-352
8.8
2023-02-03 CVE-2021-36444 Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
network
low complexity
txjia CWE-352
8.8
2021-08-18 CVE-2020-22120 Code Injection vulnerability in Txjia Imcat 5.1
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
network
low complexity
txjia CWE-94
8.8
2021-06-23 CVE-2020-20392 SQL Injection vulnerability in Txjia Imcat 5.2
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
network
low complexity
txjia CWE-89
7.5
2019-08-12 CVE-2019-14968 SQL Injection vulnerability in Txjia Imcat 4.9
An issue was discovered in imcat 4.9.
network
low complexity
txjia CWE-89
7.5
2018-12-30 CVE-2018-20605 Code Injection vulnerability in Txjia Imcat 4.4
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
network
low complexity
txjia CWE-94
7.5