EUVD-2018-8818

Malware in sbrugna...

EUVD-2018-8817

Malware in sbrugna...

Sql injection

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysqldbname parameter...

CVE-2018-17035

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysqldbname parameter...

CVE-2018-17034

UCMS 1.4.6 has XSS via the install/index.php mysqldbname parameter...

Code injection

UCMS 1.4.6 has XSS via the install/index.php mysqldbname parameter...

CVE-2018-17034

UCMS 1.4.6 contains a Cross-Site Scripting (XSS) vulnerability controllable via the mysql_dbname parameter in install/index.php. Multiple connected sources (NVD entry CVE-2018-17034 and CNVD/CVE listings) confirm an XSS flaw capable of injecting arbitrary scripts/HTML in affected users’ browsers....

CVE-2018-17035

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysqldbname parameter...

CVE-2018-17035

The vulnerability CVE-2018-17035 affects UCMS 1.4.6, where an SQL injection can occur during installation via the install/index.php mysql_dbname parameter. Affected component is UCMS (PHP-based CMS); root cause is unsafely handled mysql_dbname input during setup, enabling potential SQL command ex...

CVE-2018-17034

UCMS 1.4.6 has XSS via the install/index.php mysqldbname parameter...

UCMS Cross-Site Scripting Vulnerability (CNVD-2018-19624)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in the install/index.php page in UCMS version 1.4.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'mysqldbname' parameter...