Vulnerabilities > Ukcms > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-05 CVE-2019-10888 Cross-Site Request Forgery (CSRF) vulnerability in Ukcms 1.1.10
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.
network
low complexity
ukcms CWE-352
8.8
8.8
2018-08-03 CVE-2018-14911 Unrestricted Upload of File with Dangerous Type vulnerability in Ukcms
A file upload vulnerability exists in ukcms v1.1.7 and earlier.
network
low complexity
ukcms CWE-434
7.2
7.2