Lucene search
K

44 matches found

CNVD
CNVD
added 2019/02/15 12:0 a.m.1 views

UsualToolCMS 8.0 Release frontend se***.php suffers from SQL Injection Vulnerability

UsualToolCMS UTCMS is a content management system and rapid site building framework. UsualToolCMS front-end se.php suffers from a sql injection vulnerability, which can be exploited by attackers to manipulate the database...

7.3AI score
Exploits0
CNVD
CNVD
added 2019/02/13 12:0 a.m.1 views

UsualToolCMS v8.0 Release a_b***_ca***.php page has SQL injection vulnerability

UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. UsualToolCMS v8.0 Release A SQL injection vulnerability exists in the abca.php page. An attacker can exploit the...

7.9AI score
Exploits0
Prion
Prion
added 2019/01/12 2:29 a.m.16 views

Cross site request forgery (csrf)

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

6.8CVSS9.1AI score0.00523EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/01/12 2:29 a.m.12 views

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

8.8CVSS9.1AI score0.00523EPSS
Exploits1References1
OSV
OSV
added 2019/01/12 2:29 a.m.6 views

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

8.8CVSS7.6AI score0.00523EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/01/12 2:0 a.m.18 views

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

9.1AI score0.00523EPSS
Exploits1References1
CVE
CVE
added 2019/01/12 2:0 a.m.44 views

CVE-2019-6244

Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, nonce CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...

8.8CVSS9AI score0.00523EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/12/17 12:0 a.m.4 views

UsualToolCMS Arbitrary File Deletion Vulnerability

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. An arbitrary file deletion vulnerability exists in the cmsadmin\asqlback.php file in UTCMS version 8.0, which can be exploited by remote attackers to delete arbitrary files with the help of the 'backname...

7.5CVSS7.1AI score0.01545EPSS
Exploits1References1
Prion
Prion
added 2018/12/13 8:29 a.m.16 views

Directory traversal

An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...

6.4CVSS7.5AI score0.01545EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/13 8:29 a.m.14 views

CVE-2018-20128

An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...

7.5CVSS7.5AI score0.01545EPSS
Exploits1References1
OSV
OSV
added 2018/12/13 8:29 a.m.3 views

CVE-2018-20128

An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...

7.5CVSS5.9AI score0.01545EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/13 8:0 a.m.18 views

CVE-2018-20128

An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...

7.5AI score0.01545EPSS
Exploits1References1
CVE
CVE
added 2018/12/13 8:0 a.m.54 views

CVE-2018-20128

UsualToolCMS v8.0 (UTCMS) contains a vulnerability in cmsadmin\a_sqlback.php where a backname[] directory-traversal pathname can be crafted to delete arbitrary files. Remote attackers could exploit this to delete arbitrary files on the affected system. The root cause is a directory-traversal in t...

7.5CVSS7.4AI score0.01545EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/06 12:0 a.m.2 views

UsualToolCMS sh***.php file has SQL injection vulnerability

UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the UsualToolCMS sh.php file. An attacker can exploit the vulnerability to...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/11/06 12:0 a.m.1 views

SQL injection vulnerability in UsualToolCMS backend a_a***.php file

UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the aa.php file in the backend of UsualToolCMS. An attacker can exploit the...

7.7AI score
Exploits0
CNVD
CNVD
added 2018/11/05 12:0 a.m.3 views

SQL Injection Vulnerability in UsualToolCMS a_a***.php File

UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the UsualToolCMS aa.php file. An attacker can exploit the vulnerability to...

7.9AI score
Exploits0
NVD
NVD
added 2018/10/17 4:29 a.m.13 views

CVE-2018-18422

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...

8.8CVSS8.7AI score0.00494EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/17 4:0 a.m.23 views

CVE-2018-18422

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...

8.8AI score0.00494EPSS
Exploits1References1
CVE
CVE
added 2018/10/17 4:0 a.m.41 views

CVE-2018-18422

CVE-2018-18422 affects UsualToolCMS 8.0. The vulnerability is a CSRF flaw that allows an attacker to add a new user via the path cmsadmin/a_adminx.php?x=a. Reported CVSS metrics: CVSS v2 base 6.8 (MEDIUM) and CVSS v3 base 8.8 (HIGH). Root cause: CSRF in the user-creation flow. Impact details are ...

8.8CVSS8.6AI score0.00494EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/10/16 12:0 a.m.1 views

SQL Injection Vulnerability in UsualToolCMS pa***.php File

UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the UsualToolCMS pa.php file. An attacker can exploit the vulnerability to...

7.9AI score
Exploits0
Rows per page
Query Builder