Imcat Security Vulnerabilities and Issues — Imcat CVE List

Lucene search

TxjiaImcat

16 matches found

CVE•added 2018/12/30 9:29 p.m.•52 views

CVE-2018-20605

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.

9.8CVSS9.7AI score0.00994EPSS

CVE•added 2021/08/18 6:15 p.m.•43 views

CVE-2020-22120

A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

8.8CVSS9AI score0.02375EPSS

CVE•added 2019/08/12 6:15 p.m.•41 views

CVE-2019-14968

An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2018/12/30 9:29 p.m.•38 views

CVE-2018-20608

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.

7.5CVSS7.4AI score0.63562EPSS

CVE•added 2021/06/23 3:15 p.m.•38 views

CVE-2020-20392

SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

9.8CVSS9.9AI score0.01031EPSS

CVE•added 2018/12/30 9:29 p.m.•36 views

CVE-2018-20607

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.

5.3CVSS5.1AI score0.03433EPSS

CVE•added 2023/02/03 6:15 p.m.•33 views

CVE-2021-36444

Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.

8.8CVSS9AI score0.00293EPSS

CVE•added 2018/12/30 9:29 p.m.•32 views

CVE-2018-20611

imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.

6.1CVSS5.8AI score0.0021EPSS

CVE•added 2023/02/03 6:15 p.m.•31 views

CVE-2021-36443

Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.

8.8CVSS8.8AI score0.00293EPSS

CVE•added 2019/02/18 12:29 a.m.•29 views

CVE-2019-8436

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

5.4CVSS5.2AI score0.0018EPSS

CVE•added 2023/02/24 4:15 p.m.•28 views

CVE-2021-35370

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.

9.8CVSS9.7AI score0.00739EPSS

CVE•added 2018/12/30 9:29 p.m.•27 views

CVE-2018-20610

imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.

4.9CVSS5.2AI score0.00825EPSS

CVE•added 2020/12/09 4:15 p.m.•27 views

CVE-2020-23520

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.

7.2CVSS7.4AI score0.02516EPSS

CVE•added 2018/12/30 9:29 p.m.•26 views

CVE-2018-20606

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.

7.5CVSS7.3AI score0.07033EPSS

CVE•added 2018/12/30 9:29 p.m.•26 views

CVE-2018-20609

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.

5.3CVSS5.1AI score0.03433EPSS

CVE•added 2023/02/24 4:15 p.m.•25 views

CVE-2021-35369

Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.

6.5CVSS6.2AI score0.0008EPSS