Vulnerabilities > Ucms Project

DATE CVE VULNERABILITY TITLE RISK
2023-09-17 CVE-2023-5015 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
A vulnerability was found in UCMS 1.4.7.
network
low complexity
ucms-project CWE-79
6.1
2023-04-26 CVE-2023-2294 Cross-site Scripting vulnerability in Ucms Project Ucms 1.6
A vulnerability was found in UCMS 1.6.0.
network
low complexity
ucms-project CWE-79
6.1
2023-03-09 CVE-2023-1303 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6
A vulnerability was found in UCMS 1.6 and classified as critical.
network
low complexity
ucms-project CWE-434
critical
9.8
2022-10-14 CVE-2022-42234 Files or Directories Accessible to External Parties vulnerability in Ucms Project Ucms 1.6
There is a file inclusion vulnerability in the template management module in UCMS 1.6
network
low complexity
ucms-project CWE-552
8.8
2022-04-21 CVE-2022-28440 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
ucms-project CWE-434
6.5
2022-04-21 CVE-2022-28443 Unspecified vulnerability in Ucms Project Ucms 1.6
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.
network
low complexity
ucms-project
6.4
2022-04-21 CVE-2022-28444 Path Traversal vulnerability in Ucms Project Ucms 1.6
UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.
network
low complexity
ucms-project CWE-22
5.0
2021-09-29 CVE-2020-20781 Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
3.5
2021-07-23 CVE-2021-25809 Information Exposure vulnerability in Ucms Project Ucms 1.5.0
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
network
low complexity
ucms-project CWE-200
5.0
2020-11-30 CVE-2020-25537 Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.5.0
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
network
low complexity
ucms-project CWE-434
critical
10.0