4 matches found
CVE-2019-8436
imcat 4.5 has Stored XSS via the root/run/adm.php fminstopnote parameter...
CVE-2018-20606
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr=Pcoln= URI...
CVE-2019-14968
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action...
imcat Cross-Site Scripting Vulnerability
imcat is a PHP-based open source website building system . A cross-site scripting vulnerability exists in imcat version 4.4. Remote attackers can use this vulnerability to inject arbitrary Web script or HTML by sending a specially crafted cookie to root/tools/adbug/binfo.php?cookie URI...