Lucene search
K
Ucms ProjectUcms

28 matches found

CVE
CVE
added 2021/07/23 7:39 p.m.81 views

CVE-2021-25809

CVE-2021-25809 affects UCMS 1.5.0 (PHP-based CMS). The vulnerability is an information disclosure: a physical path leakage exposed via the error message produced by adminchannelscache() in top.php. Impact is partial confidentiality breach with no documented exploitation details in the provided so...

5.3CVSS5.1AI score0.00934EPSS
CVE
CVE
added 2022/04/21 7:4 p.m.79 views

CVE-2022-28444

UCMS v1.6 contains an arbitrary file read vulnerability (CVE-2022-28444) that could allow attackers to directly obtain the contents of website files, exposing confidential documents. This is described across multiple sources (Red Hat, CNVD/CNNVD, CVE listing) but the provided documents do not inc...

7.5CVSS7.5AI score0.01505EPSS
CVE
CVE
added 2022/04/21 7:4 p.m.78 views

CVE-2022-28440

The CVE-2022-28440 entry describes an arbitrary file upload vulnerability in UCMS v1.6 that allows an attacker to execute arbitrary code via a crafted PHP file. Affected component: UCMS web CMS version 1.6; vulnerability type: arbitrary file upload leading to remote code execution. According to t...

8.8CVSS8.8AI score0.01612EPSS
CVE
CVE
added 2022/04/21 7:4 p.m.71 views

CVE-2022-28443

Technical details on CVE-2022-28443 are not publicly available in the provided documents. The UCMS v1.6 arbitrary file deletion vulnerability is described at high level; monitor for updates and any vendor advisories for affected versions and mitigations.

9.1CVSS9.3AI score0.00948EPSS
CVE
CVE
added 2022/08/09 4:19 p.m.70 views

CVE-2022-35426

CVE-2022-35426 affects UCMS 1.6. The vulnerability is an arbitrary file upload in the ucms/sadmin/file.php handler, enabling an attacker to upload arbitrary files and potentially impact confidentiality, integrity, and availability. Root cause indicated by multiple sources is a flaw in the file up...

9.8CVSS9.4AI score0.00929EPSS
Web
CVE
CVE
added 2022/09/12 10:10 p.m.56 views

CVE-2022-38297

CVE-2022-38297 affects UCMS v1.6.0 with an authentication bypass that can be exploited via cookie poisoning. The vulnerability has a CVSS v3.1 base score of 9.8 (NETWORK, LOW attack complexity, no privileges required, user interaction not needed; impacts Confidentiality, Integrity, Availability)....

9.8CVSS9.6AI score0.01094EPSS
CVE
CVE
added 2023/03/09 9:48 p.m.55 views

CVE-2023-1303

CVE-2023-1303 affects UCMS 1.6, specifically the System File Management Module and the sadmin/fileedit.php file. The root cause is manipulation of the file argument in that module, leading to an unrestricted upload. The issue can be exploited remotely according to multiple sources, with varying C...

9.8CVSS8AI score0.00792EPSS
Web
CVE
CVE
added 2020/10/23 5:12 p.m.53 views

CVE-2020-25483

UCMS v1.4.8 contains an arbitrary command execution vulnerability in the fopen() function used for file writes. The issue stems from UCMS’s handling of file writes, enabling an attacker to gain access to the server. Public references from NVD, Red Hat, CNVD and others corroborate the vulnerabilit...

9.8CVSS9.6AI score0.0865EPSS
CVE
CVE
added 2018/12/30 9:0 p.m.52 views

CVE-2018-20598

CVE-2018-20598 affects UCMS 1.4.7 and is described in connected records as a Cross-Site Request Forgery (CSRF) vulnerability triggered via the parameter ?do=user_addpost. The vulnerability allows an attacker to abuse CSRF to create an administrator account within UCMS. Root cause is CSRF in the u...

8.8CVSS8.6AI score0.00523EPSS
CVE
CVE
added 2018/09/21 6:0 p.m.51 views

CVE-2018-17320

CVE-2018-17320 affects UCMS 1.4.6. The issue is a stored XSS in the aaddpost.php flow, triggered via the sadmin/aindex.php minfo parameter within the sadmin_aaddpost action. The vulnerability allows injection of arbitrary script/HTML by a remote attacker. The reports in connected documents confir...

6.1CVSS5.8AI score0.00655EPSS
Web
CVE
CVE
added 2021/09/29 10:6 p.m.51 views

CVE-2020-20781

UCMS 1.4.7 has a stored XSS in /ucms/index.php?do=list_edit that allows arbitrary HTML/script via crafted text in title, keywords, description, or content fields. Connected documents provide no exploitation details or remediation patches/versions; no fix/version info is in the supplied materials....

5.4CVSS5.2AI score0.00487EPSS
Web
CVE
CVE
added 2018/12/30 9:0 p.m.50 views

CVE-2018-20599

CVE-2018-20599 affects UCMS 1.4.7, where input during the index.php sadmin_fileedit action can be used to execute arbitrary PHP code, enabling remote code execution. The issue is described across multiple sources (NVD/Red Hat/NVD mirror), confirming that the vulnerability stems from the sadmin_fi...

8.8CVSS9AI score0.01514EPSS
CVE
CVE
added 2019/05/21 3:39 p.m.50 views

CVE-2019-12251

UCMS 1.4.7 is affected by CVE-2019-12251 via sadmin/ceditpost.php. The vulnerability is SQL Injection exploitable over the network through index.php?do=sadmin_ceditpost cvalue parameter, due to improper handling of input. CVSS information indicates high impact to confidentiality, integrity, and a...

8.8CVSS9.1AI score0.01269EPSS
Web
CVE
CVE
added 2022/10/14 12:0 a.m.50 views

CVE-2022-42234

Summary: CVE-2022-42234 is a file inclusion vulnerability in the template management module of UCMS 1.6. The Red Hat, NVD, and other feeds confirm a vulnerability in UCMS 1.6, with CVSSv3.1 impacts: CVSS 3.1 base score 8.8 (HIGH) across confidentiality, integrity, and availability, confirmed with...

8.8CVSS8.6AI score0.00814EPSS
CVE
CVE
added 2018/09/14 7:0 a.m.49 views

CVE-2018-17036

UCMS 1.4.6 and 1.6 have a PHP code injection vulnerability in the installer. The flaw occurs in the install/index.php flow via the systemdomain parameter, enabling injection and execution of PHP code (demonstrated by injecting a phpinfo() call into /inc/config.php). Root cause, as described in mu...

9.8CVSS9.5AI score0.01658EPSS
Web
CVE
CVE
added 2020/09/04 7:45 p.m.47 views

CVE-2020-24981

CVE-2020-24981 is an Incorrect Access Control vulnerability affecting UCMS 1.4.8, with the issue located in /ucms/chk.php. The underlying problem permits information leakage through error messages when the site built with UCMS is accessed directly. Multiple connected sources (Red Hat, CNVD, NVD, ...

5.3CVSS5.2AI score0.00952EPSS
CVE
CVE
added 2018/11/22 5:0 a.m.46 views

CVE-2018-19437

CVE-2018-19437 affects UCMS 1.4.7. The vulnerability allows remote authenticated users to change the administrator password via cookie-based authentication: $COOKIE['admin '.cookiehash] can be set to arbitrary non-empty values. This is the root cause and leads to admin access compromise. CVSS det...

8.8CVSS8.4AI score0.01124EPSS
CVE
CVE
added 2018/12/30 9:0 p.m.46 views

CVE-2018-20601

UCMS 1.4.7 is affected by a Cross‑Site Scripting (XSS) flaw in the description parameter used by the index.php list_editpost action. The root cause, as described across sources, is unescaped or insufficiently sanitized input in the description field that can be reflected in the rendered page. Thi...

4.8CVSS4.9AI score0.00559EPSS
CVE
CVE
added 2020/11/30 5:17 p.m.45 views

CVE-2020-25537

CVE-2020-25537 affects UCMS 1.5.0. The vulnerability is a file upload issue that, per the provided documents, can allow an attacker to obtain server management permissions. The description appears consistently across sources, but the connected documents do not provide technical details on the roo...

10CVSS9.3AI score0.01834EPSS
CVE
CVE
added 2022/09/19 9:16 p.m.45 views

CVE-2022-38527

CVE-2022-38527 : UCMS v1.6.0 contains a cross-site scripting (XSS) vulnerability via the Import function in the Site Management page. The provided sources consistently identify UCMS 1.6.0 and the Import function as the vulnerable vector, with the root cause described as an XSS flaw and no public ...

6.1CVSS6AI score0.00468EPSS
CVE
CVE
added 2019/03/07 10:0 p.m.44 views

CVE-2018-16804

CVE-2018-16804 affects UCMS 1.4.6 and describes a cross-site scripting vulnerability in the title bar, demonstrated by a do=list request. The connected documents corroborate XSS in UCMS 1.4.6 with no additional exploit details, affected components, or confirmed patches provided. No remediation st...

6.1CVSS5.9AI score0.00826EPSS
CVE
CVE
added 2018/09/14 7:0 a.m.43 views

CVE-2018-17035

The vulnerability CVE-2018-17035 affects UCMS 1.4.6, where an SQL injection can occur during installation via the install/index.php mysql_dbname parameter. Affected component is UCMS (PHP-based CMS); root cause is unsafely handled mysql_dbname input during setup, enabling potential SQL command ex...

9.8CVSS9.8AI score0.01135EPSS
Web
CVE
CVE
added 2018/12/30 9:0 p.m.43 views

CVE-2018-20597

UCMS 1.4.7 is affected by a cross-site scripting (XSS) vulnerability caused by unsafely handling the dir parameter in the sadmin_fileedit action of index.php. The issue allows injection of arbitrary HTML/JavaScript in user-visible pages. No exploits or practical in-the-wild details are provided i...

4.8CVSS4.9AI score0.00553EPSS
CVE
CVE
added 2018/09/14 7:0 a.m.41 views

CVE-2018-17037

UCMS 1.4.6 contains a privilege-escalation vulnerability in user/editpost.php that lets an attacker move from user level 1 to superuser level 3. The root cause is described as the application mishandling privilege levels, enabling elevation without exploit specifics. Affected software: UCMS 1.4.6...

8.8CVSS8.7AI score0.00957EPSS
CVE
CVE
added 2018/09/14 7:0 a.m.40 views

CVE-2018-17034

UCMS 1.4.6 contains a Cross-Site Scripting (XSS) vulnerability controllable via the mysql_dbname parameter in install/index.php. Multiple connected sources (NVD entry CVE-2018-17034 and CNVD/CVE listings) confirm an XSS flaw capable of injecting arbitrary scripts/HTML in affected users’ browsers....

6.1CVSS6AI score0.00675EPSS
Web
CVE
CVE
added 2023/09/17 1:31 a.m.39 views

CVE-2023-5015

CVE-2023-5015 affects UCMS 1.4.7. The vulnerability lies in an unknown function in the file ajax.php?do=strarraylist, where manipulation of the argument strdefault leads to a cross-site scripting (XSS) condition. The issue is exploitable remotely, and the public exploit has been disclosed. Severa...

6.1CVSS4.5AI score0.00435EPSS
CVE
CVE
added 2018/12/30 9:0 p.m.37 views

CVE-2018-20600

CVE-2018-20600 affects UCMS 1.4.7 where sadmin\cedit.php is vulnerable to cross-site scripting via the index.php sadmin_cedit action. The vulnerability allows injection of arbitrary web script or HTML, with the CVSS 3.0/2.0 metrics indicating network access, no authentication, user interaction re...

6.1CVSS5.9AI score0.00707EPSS
CVE
CVE
added 2023/04/26 6:0 a.m.35 views

CVE-2023-2294

CVE-2023-2294 affects UCMS 1.6.0. The vulnerability is in the file saddpost.php of the Column Configuration component, where manipulating the parameter strorder can lead to a cross-site scripting (XSS) vulnerability. The issue can be exploited remotely and has been disclosed publicly. Multiple co...

6.1CVSS4.8AI score0.00549EPSS