Lucene search

Usualtool Security Vulnerabilities

cve

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php...

8.8CVSS

9AI Score

0.001EPSS

2019-01-12 02:29 AM

cve

CVE-2018-20128

An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted...

7.5CVSS

7.4AI Score

0.002EPSS

2018-12-13 08:29 AM

cve

CVE-2018-18422

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a...

8.8CVSS

8.6AI Score

0.001EPSS

2018-10-17 04:29 AM