Vulnerabilities > Ucms Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-29 | CVE-2020-20781 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. | 5.4 |
| 2021-07-23 | CVE-2021-25809 | Information Exposure Through an Error Message vulnerability in Ucms Project Ucms 1.5.0 UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. | 5.3 |
| 2020-11-30 | CVE-2020-25537 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.5.0 File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | 9.8 |
| 2020-10-23 | CVE-2020-25483 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.4.8 An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | 9.8 |
| 2020-09-04 | CVE-2020-24981 | Unspecified vulnerability in Ucms Project Ucms 1.4.8 An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. | 5.3 |
| 2019-05-21 | CVE-2019-12251 | SQL Injection vulnerability in Ucms Project Ucms 1.4.7 sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | 8.8 |
| 2019-03-07 | CVE-2018-16804 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.6 An issue was discovered in UCMS 1.4.6. | 6.1 |
| 2018-12-30 | CVE-2018-20601 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | 4.8 |
| 2018-12-30 | CVE-2018-20600 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | 6.1 |
| 2018-12-30 | CVE-2018-20599 | Code Injection vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | 8.8 |