Vulnerabilities > Ucms Project

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-10-23 | CVE-2020-25483 | Command Injection vulnerability in Ucms Project Ucms 1.4.8 | An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | network, low complexity, ucms-project CWE-77 | 7.5 |
| 2020-09-04 | CVE-2020-24981 | Incorrect Authorization vulnerability in Ucms Project Ucms 1.4.8 | An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. | network, low complexity, ucms-project CWE-863 | 5.0 |
| 2019-05-21 | CVE-2019-12251 | SQL Injection vulnerability in Ucms Project Ucms 1.4.7 | sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | network, low complexity, ucms-project CWE-89 | 6.5 |
| 2019-03-07 | CVE-2018-16804 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.6 | An issue was discovered in UCMS 1.4.6. | | 4.3 |
| 2018-12-30 | CVE-2018-20601 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 | UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | | 3.5 |
| 2018-12-30 | CVE-2018-20600 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 | sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | | 4.3 |
| 2018-12-30 | CVE-2018-20599 | Code Injection vulnerability in Ucms Project Ucms 1.4.7 | UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | network, low complexity, ucms-project CWE-94 | 6.5 |
| 2018-12-30 | CVE-2018-20598 | Cross-Site Request Forgery (CSRF) vulnerability in Ucms Project Ucms 1.4.7 | UCMS 1.4.7 has ?do=user_addpost CSRF. | | 6.8 |
| 2018-12-30 | CVE-2018-20597 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 | UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | | 3.5 |
| 2018-11-22 | CVE-2018-19437 | Unspecified vulnerability in Ucms Project Ucms 1.4.7 | UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. | network, low complexity, ucms-project | 4.0 |