Ucms@1.4.6 Security Vulnerabilities and Issues — Ucms@1.4.6 CVE List

Lucene search

Ucms ProjectUcms1.4.6

6 matches found

CVE•added 2018/09/21 6:29 p.m.•37 views

CVE-2018-17320

An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.

6.1CVSS5.8AI score0.0024EPSS

CVE•added 2018/09/14 7:29 a.m.•36 views

CVE-2018-17036

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

9.8CVSS9.5AI score0.00513EPSS

CVE•added 2019/03/07 11:29 p.m.•33 views

CVE-2018-16804

An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2018/09/14 7:29 a.m.•33 views

CVE-2018-17037

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.

8.8CVSS8.7AI score0.00377EPSS

CVE•added 2018/09/14 7:29 a.m.•31 views

CVE-2018-17035

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2018/09/14 7:29 a.m.•30 views

CVE-2018-17034

UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter.

6.1CVSS6AI score0.0024EPSS