CVE-2020-22120

A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

CVE-2020-20392

SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.