Lucene search
K

60 matches found

CNVD
CNVD
added 2020/05/07 12:0 a.m.1 views

MKCMS suffers from SQL injection vulnerability

MKCMS is a content management system. MKCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/04/09 12:0 a.m.1 views

PinYou Movie MKCMS v5.0 suffers from SQL Injection Vulnerability

PinYou film and television to provide VIP video resolution of the film and television station source code, automatic update maintenance. MKCMS v5.0 has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

8AI score
Exploits0
NVD
NVD
added 2019/04/18 11:29 p.m.18 views

CVE-2019-11332

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...

8.8CVSS8.7AI score0.01824EPSS
Exploits1References1
Prion
Prion
added 2019/04/18 11:29 p.m.10 views

Default credentials

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...

6.8CVSS8.6AI score0.01824EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/04/18 10:17 p.m.26 views

CVE-2019-11332

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...

8.7AI score0.01824EPSS
Exploits1References1
CVE
CVE
added 2019/04/18 10:17 p.m.45 views

CVE-2019-11332

The CVE-2019-11332 entry concerns MKCMS 5.0. Affected component: the repass.php flow in ucenter. The issue allows remote attackers to takeover arbitrary user accounts by posting a username and e-mail address, which triggers an e‑mail containing the user’s password (demo: 123456). The Red Hat and ...

8.8CVSS8.6AI score0.01824EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/04/11 2:29 a.m.17 views

Cross site request forgery (csrf)

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...

6.8CVSS8.6AI score0.00614EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/04/11 2:29 a.m.22 views

CVE-2019-11078

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...

8.8CVSS8.7AI score0.00614EPSS
Exploits1References1
CVE
CVE
added 2019/04/11 1:11 a.m.44 views

CVE-2019-11078

Summary: CVE-2019-11078 affects MKCMS V5.0, where a CSRF flaw in the ucenter/userinfo.php endpoint allows adding a new admin user. The underlying issue is lack of proper request validation, enabling an attacker-controlled cross-site request to perform privileged action without user consent. Impac...

8.8CVSS8.5AI score0.00614EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/04/11 1:11 a.m.23 views

CVE-2019-11078

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...

8.7AI score0.00614EPSS
Exploits1References1
CNVD
CNVD
added 2019/04/04 12:0 a.m.3 views

MKCMS SQL Injection Vulnerability

MKCMS is a content management system. A SQL injection vulnerability exists in MKCMS version V5.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...

9.8CVSS8.2AI score0.01464EPSS
Exploits1References1
OSV
OSV
added 2019/04/02 7:29 p.m.2 views

CVE-2019-10707

MKCMS V5.0 has SQL injection via the bplay.php play parameter...

9.8CVSS7.3AI score0.01464EPSS
Exploits1References1
NVD
NVD
added 2019/04/02 7:29 p.m.20 views

CVE-2019-10707

MKCMS V5.0 has SQL injection via the bplay.php play parameter...

9.8CVSS9.9AI score0.01464EPSS
Exploits1References1
Prion
Prion
added 2019/04/02 7:29 p.m.16 views

Sql injection

MKCMS V5.0 has SQL injection via the bplay.php play parameter...

7.5CVSS9.8AI score0.01464EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/04/02 6:51 p.m.19 views

CVE-2019-10707

MKCMS V5.0 has SQL injection via the bplay.php play parameter...

10AI score0.01464EPSS
Exploits1References1
CVE
CVE
added 2019/04/02 6:51 p.m.40 views

CVE-2019-10707

MKCMS V5.0 is affected by a SQL injection vulnerability in the bplay.php play parameter. The root cause is inadequate validation of externally supplied SQL statements, per CNVD-2019-14075 and related entries, with Red Hat and CVE databases confirming the same issue. Impact is described as high/cr...

9.8CVSS9.8AI score0.01464EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/03/25 12:0 a.m.2 views

SQL Injection Vulnerability in MKCMS Version 5.0 ac***.php Page

MKCMS is a content management system. A SQL injection vulnerability exists in the ac.php page of MKCMS version 5.0, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2019/01/24 12:0 a.m.1 views

SQL Injection Vulnerability in MKCMS vl***.php Page

MKCMS is a content management system. A SQL injection vulnerability exists in the MKCMS vl.php page, which can be exploited by attackers to obtain sensitive information from the database...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2013/06/11 12:0 a.m.19 views

mkCMS - index.php Arbitrary PHP Code Execution

mkCMS - index.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2013/06/11 12:0 a.m.20 views

mkCMS - 'index.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...

7.4AI score
Exploits0
Rows per page
Query Builder