Mkcms Security Vulnerabilities and Issues — Mkcms CVE List

Lucene search

Mkcms ProjectMkcms

6 matches found

CVE•added 2022/11/03 5:15 p.m.•46 views

CVE-2020-22818

MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

9.8CVSS9.8AI score0.00059EPSS

CVE•added 2022/11/03 5:15 p.m.•36 views

CVE-2020-22819

MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.

9.8CVSS9.8AI score0.00059EPSS

CVE•added 2019/04/18 11:29 p.m.•34 views

CVE-2019-11332

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.

8.8CVSS8.6AI score0.00586EPSS

CVE•added 2019/04/11 2:29 a.m.•31 views

CVE-2019-11078

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.

8.8CVSS8.5AI score0.00145EPSS

CVE•added 2019/04/02 7:29 p.m.•28 views

CVE-2019-10707

MKCMS V5.0 has SQL injection via the bplay.php play parameter.

9.8CVSS9.8AI score0.00307EPSS

CVE•added 2022/11/03 5:15 p.m.•26 views

CVE-2020-22820

MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.

9.8CVSS9.8AI score0.00059EPSS