Vulnerabilities > Ucms Project > Ucms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-09 | CVE-2023-1303 | Unspecified vulnerability in Ucms Project Ucms 1.6 A vulnerability was found in UCMS 1.6 and classified as critical. | 9.8 |
| 2022-09-12 | CVE-2022-38297 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Ucms Project Ucms 1.6 UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. | 9.8 |
| 2022-08-10 | CVE-2022-35426 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6 UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | 9.8 |
| 2022-04-21 | CVE-2022-28443 | Unspecified vulnerability in Ucms Project Ucms 1.6 UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. | 9.1 |
| 2020-11-30 | CVE-2020-25537 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.5.0 File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | 9.8 |
| 2020-10-23 | CVE-2020-25483 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.4.8 An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | 9.8 |
| 2018-09-14 | CVE-2018-17035 | SQL Injection vulnerability in Ucms Project Ucms 1.4.6 UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. | 9.8 |
| 2018-09-14 | CVE-2018-17036 | Code Injection vulnerability in Ucms Project Ucms 1.4.6/1.6 An issue was discovered in UCMS 1.4.6 and 1.6. | 9.8 |