Vulnerabilities > Ucms Project > Ucms > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-14 CVE-2022-42234 Files or Directories Accessible to External Parties vulnerability in Ucms Project Ucms 1.6
There is a file inclusion vulnerability in the template management module in UCMS 1.6
network
low complexity
ucms-project CWE-552
8.8
2020-10-23 CVE-2020-25483 Command Injection vulnerability in Ucms Project Ucms 1.4.8
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
network
low complexity
ucms-project CWE-77
7.5
2018-09-14 CVE-2018-17036 Code Injection vulnerability in Ucms Project Ucms 1.4.6/1.6
An issue was discovered in UCMS 1.4.6 and 1.6.
network
low complexity
ucms-project CWE-94
7.5
2018-09-14 CVE-2018-17035 SQL Injection vulnerability in Ucms Project Ucms 1.4.6
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.
network
low complexity
ucms-project CWE-89
7.5