6 matches found
CVE-2020-22818
MKCMS V6.2 contains a SQL injection vulnerability in the /ucenter/reg.php endpoint, exploitable via the name parameter. Affected software: MKCMS V6.2; vulnerability type: SQL injection; root cause: unsanitized input in the name parameter leading to database query manipulation. Potential impact pe...
CVE-2020-22819
CVE-2020-22819 affects MKCMS V6.2, with a SQL injection in the /ucenter/active.php endpoint via the verify parameter. Public documents consistently describe an SQLi vulnerability in this MKCMS 6.2 parameter, leading to high impact on confidentiality, integrity, and availability (CVSS 3.1 base 9.8). Root...
CVE-2019-11332
The CVE-2019-11332 entry concerns MKCMS 5.0. Affected component: the repass.php flow in ucenter. The issue allows remote attackers to take over arbitrary user accounts by posting a username and e‑mail address, which triggers an e‑mail containing the user’s password (demo: 123456). The Red Hat and ...
CVE-2019-11078
Summary: CVE-2019-11078 affects MKCMS V5.0, where a CSRF flaw in the ucenter/userinfo.php endpoint allows adding a new admin user. The underlying issue is a lack of proper request validation, enabling an attacker-controlled cross-site request to perform a privileged action without user consent. Impac...
CVE-2019-10707
MKCMS V5.0 is affected by a SQL injection vulnerability in the bplay.php play parameter. The root cause is inadequate validation of externally supplied SQL statements, per CNVD-2019-14075 and related entries, with Red Hat and CVE databases confirming the same issue. Impact is described as high/cr...
CVE-2020-22820
MKCMS V6.2 is affected by an SQL injection vulnerability in the /ucenter/repass.php endpoint, exploitable via the name parameter. The CVSS vector indicates network access, no authentication, and high impact on confidentiality, integrity, and availability (score 9.8). Several connected sources cor...