27 matches found
EUVD-2018-6793
Malware in sbrugna...
EUVD-2019-2610
Malware in sbrugna...
EUVD-2020-10373
Malware in sbrugna...
CVE-2020-18449
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
CVE-2019-10888
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
CVE-2018-14911
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...
CVE-2020-18449
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
CVE-2020-18449
CVE-2020-18449 : XSS vulnerability in UKCMS v1.1.10, triggered by data in the index function of Single.php. Root cause: inadequate input handling/sanitization in that function. Impact: user-visible cross-site scripting as described; exploitation details not provided in the supplied documents. Rem...
CVE-2020-18449
Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
File Upload Vulnerability in UKcms
UKcms is a simple, flexible and open source web content management system based on PHP7 and mysql technology. UKcms has a file upload vulnerability, the vulnerability is due to the system does not strictly filter the file upload type. Attackers can use this vulnerability to upload script Trojans...
Backup File Download Vulnerability in UKcms Frontend
UKcms is a PHP-based content management system CMS by China Lingji Network Technology. A backup file download vulnerability exists in the frontend of UKcms. Under unauthorized circumstances, an attacker can exploit the vulnerability to construct links to directly download SQL backup information...
UKcms has an XSS vulnerability
UKcms is a PHP-based content management system CMS by China Lingji Network Technology. UKcms suffers from an XSS vulnerability, which allows an attacker to insert xss statements in the foreground to obtain administrator cookies in the background...
Cross site request forgery (csrf)
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
CVE-2019-10888
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
CVE-2019-10888
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
CVE-2019-10888
UKcms v1.1.10 is affected by a cross-site request forgery (CSRF) vulnerability that can be exploited through admin.php/admin/role/add.html to add an administrator account. The issue stems from CSRF protection gaps on the role-management endpoint, enabling privilege escalation by creating an admin...
CVE-2019-10888
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...
UKCMS has an information leakage vulnerability
UKcms is a web content management system based on PHP7 and mysql technology. UKCMS is vulnerable to information leakage. An attacker can obtain information about database backup files through constructed links...
Ukcms File Upload Vulnerability
UKcms is a content management system CMS written in the PHP language. A file upload vulnerability exists in UKcms 1.1.7 and earlier versions. The vulnerability stems from the program not strictly filtering the type of file uploads. An attacker can exploit this vulnerability by changing the...