Ucms@1.4.7 Security Vulnerabilities and Issues — Ucms@1.4.7 CVE List

Lucene search

Ucms ProjectUcms1.4.7

6 matches found

CVE•added 2018/12/30 9:29 p.m.•39 views

CVE-2018-20598

UCMS 1.4.7 has ?do=user_addpost CSRF.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2018/12/30 9:29 p.m.•37 views

CVE-2018-20599

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.

8.8CVSS9AI score0.00873EPSS

CVE•added 2018/11/22 5:29 a.m.•33 views

CVE-2018-19437

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $COOKIE['admin '.cookiehash] is used for arbitrary cookie values that are set and not empty.

8.8CVSS8.4AI score0.00314EPSS

CVE•added 2018/12/30 9:29 p.m.•33 views

CVE-2018-20601

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.

4.8CVSS4.9AI score0.00235EPSS

CVE•added 2018/12/30 9:29 p.m.•32 views

CVE-2018-20597

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.

4.8CVSS4.9AI score0.00215EPSS

CVE•added 2018/12/30 9:29 p.m.•27 views

CVE-2018-20600

sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.

6.1CVSS5.9AI score0.0024EPSS