Vulnerabilities > Ucms Project

DATE CVE VULNERABILITY TITLE RISK
2023-09-17 CVE-2023-5015 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
A vulnerability was found in UCMS 1.4.7.
network
low complexity
ucms-project CWE-79
6.1
2023-04-26 CVE-2023-2294 Cross-site Scripting vulnerability in Ucms Project Ucms 1.6
A vulnerability was found in UCMS 1.6.0.
network
low complexity
ucms-project CWE-79
6.1
2023-03-09 CVE-2023-1303 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6
A vulnerability was found in UCMS 1.6 and classified as critical.
network
low complexity
ucms-project CWE-434
critical
9.8
2022-10-14 CVE-2022-42234 Files or Directories Accessible to External Parties vulnerability in Ucms Project Ucms 1.6
There is a file inclusion vulnerability in the template management module in UCMS 1.6
network
low complexity
ucms-project CWE-552
8.8
2022-09-19 CVE-2022-38527 Cross-site Scripting vulnerability in Ucms Project Ucms 1.6
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
network
low complexity
ucms-project CWE-79
6.1
2022-09-12 CVE-2022-38297 Reliance on Cookies without Validation and Integrity Checking vulnerability in Ucms Project Ucms 1.6
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
network
low complexity
ucms-project CWE-565
critical
9.8
2022-08-10 CVE-2022-35426 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
network
low complexity
ucms-project CWE-434
critical
9.8
2022-04-21 CVE-2022-28440 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
ucms-project CWE-434
8.8
2022-04-21 CVE-2022-28443 Unspecified vulnerability in Ucms Project Ucms 1.6
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.
network
low complexity
ucms-project
critical
9.1
2022-04-21 CVE-2022-28444 Path Traversal vulnerability in Ucms Project Ucms 1.6
UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.
network
low complexity
ucms-project CWE-22
7.5