29 matches found
EUVD-2018-11128
Malware in sbrugna...
EUVD-2019-3893
Malware in sbrugna...
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadminceditpost cvalue parameter...
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...
CVE-2023-5015
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
Cross site scripting
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-5015
CVE-2023-5015 affects UCMS 1.4.7. The vulnerability lies in an unknown function in the file ajax.php?do=strarraylist, where manipulation of the argument strdefault leads to a cross-site scripting (XSS) condition. The issue is exploitable remotely, and the public exploit has been disclosed. Severa...
CVE-2020-20781
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...
CVE-2020-20781
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...
CVE-2020-20781
UCMS 1.4.7 has a stored XSS in /ucms/index.php?do=list_edit that allows arbitrary HTML/script via crafted text in title, keywords, description, or content fields. Connected documents provide no exploitation details or remediation patches/versions; no fix/version info is in the supplied materials....
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadminceditpost cvalue parameter...
SQL injection
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadminceditpost cvalue parameter...
CVE-2019-12251
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadminceditpost cvalue parameter...
CVE-2018-20599
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadminfileedit action...
Design/Logic Flaw
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadminfileedit action...
Design/Logic Flaw
UCMS 1.4.7 has XSS via the description parameter in an index.php listeditpost action...
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...
CVE-2018-20600
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmincedit action...
CVE-2018-20598
CVE-2018-20598 affects UCMS 1.4.7 and is described in connected records as a Cross-Site Request Forgery (CSRF) vulnerability triggered via the parameter ?do=user_addpost. The vulnerability allows an attacker to abuse CSRF to create an administrator account within UCMS. Root cause is CSRF in the u...