Directory Traversal, Arbitrary File Deletion Vulnerability in UsualToolCMS v8.0 Backend

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. UsualToolCMS v8.0 backend has a directory traversal and arbitrary folder deletion vulnerability, an attacker can traverse to the root directory through the directory traversal vulnerability, and delete...

SQL injection vulnerability in UsualToolCMS backend a***_bo***_ca***.php file

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in the UsualToolCMS backend aboca.php file. An attacker can exploit the vulnerability to obtain sensitive database information...

SQL injection vulnerability in UsualToolCMS backend a***_te***.php

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in the backend ate.php of UsualToolCMS. An attacker can exploit the vulnerability to obtain sensitive database information...

Logic flaw vulnerability exists in UsualToolCMS of Chengdu Comfidonte Network Technology Co.

UsualToolCMS UTCMS is a content management system and rapid site building framework. A logic flaw vulnerability exists in UsualToolCMS v8.0 build 190101. The vulnerability stems from the program not verifying the identity of the data passed by the processing user. An attacker could overstep his/h...

UsualToolCMS a_ap***.php file has an arbitrary file deletion vulnerability

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. An arbitrary file deletion vulnerability exists in the UsualToolCMS aap.php file. An attacker can exploit the vulnerability to delete arbitrary files...

CVE-2018-18422

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...