44 matches found
UsualToolCMS 8.0 Release frontend se***.php suffers from SQL Injection Vulnerability
UsualToolCMS UTCMS is a content management system and rapid site building framework. UsualToolCMS front-end se.php suffers from a sql injection vulnerability, which can be exploited by attackers to manipulate the database...
UsualToolCMS v8.0 Release a_b***_ca***.php page has SQL injection vulnerability
UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. UsualToolCMS v8.0 Release A SQL injection vulnerability exists in the abca.php page. An attacker can exploit the...
Cross site request forgery (csrf)
An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...
CVE-2019-6244
An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...
CVE-2019-6244
An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...
CVE-2019-6244
An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...
CVE-2019-6244
Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, nonce CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...
UsualToolCMS Arbitrary File Deletion Vulnerability
UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. An arbitrary file deletion vulnerability exists in the cmsadmin\asqlback.php file in UTCMS version 8.0, which can be exploited by remote attackers to delete arbitrary files with the help of the 'backname...
Directory traversal
An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...
CVE-2018-20128
An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...
CVE-2018-20128
An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...
CVE-2018-20128
An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...
CVE-2018-20128
UsualToolCMS v8.0 (UTCMS) contains a vulnerability in cmsadmin\a_sqlback.php where a backname[] directory-traversal pathname can be crafted to delete arbitrary files. Remote attackers could exploit this to delete arbitrary files on the affected system. The root cause is a directory-traversal in t...
UsualToolCMS sh***.php file has SQL injection vulnerability
UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the UsualToolCMS sh.php file. An attacker can exploit the vulnerability to...
SQL injection vulnerability in UsualToolCMS backend a_a***.php file
UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the aa.php file in the backend of UsualToolCMS. An attacker can exploit the...
SQL Injection Vulnerability in UsualToolCMS a_a***.php File
UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the UsualToolCMS aa.php file. An attacker can exploit the vulnerability to...
CVE-2018-18422
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...
CVE-2018-18422
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...
CVE-2018-18422
CVE-2018-18422 affects UsualToolCMS 8.0. The vulnerability is a CSRF flaw that allows an attacker to add a new user via the path cmsadmin/a_adminx.php?x=a. Reported CVSS metrics: CVSS v2 base 6.8 (MEDIUM) and CVSS v3 base 8.8 (HIGH). Root cause: CSRF in the user-creation flow. Impact details are ...
SQL Injection Vulnerability in UsualToolCMS pa***.php File
UsualToolCMS is an enterprise-level web content management system written in PHP+MYSQL that uses template separation technology to support the creation of multiple types of sites. A SQL injection vulnerability exists in the UsualToolCMS pa.php file. An attacker can exploit the vulnerability to...