Vulnerabilities > Ucms Project > Ucms > 1.4.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-17 | CVE-2023-5015 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 A vulnerability was found in UCMS 1.4.7. | 6.1 |
2021-09-29 | CVE-2020-20781 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. | 5.4 |
2019-05-21 | CVE-2019-12251 | SQL Injection vulnerability in Ucms Project Ucms 1.4.7 sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | 8.8 |
2018-12-30 | CVE-2018-20601 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | 4.8 |
2018-12-30 | CVE-2018-20600 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | 6.1 |
2018-12-30 | CVE-2018-20599 | Code Injection vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | 8.8 |
2018-12-30 | CVE-2018-20598 | Cross-Site Request Forgery (CSRF) vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has ?do=user_addpost CSRF. | 8.8 |
2018-12-30 | CVE-2018-20597 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | 4.8 |
2018-11-22 | CVE-2018-19437 | Unspecified vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. | 8.8 |