Ucms Security Vulnerabilities and Issues — Ucms CVE List | Vulners.com

Lucene search

K

Ucms ProjectUcms

7 matches found

CVE•added 2022/04/21 8:15 p.m.•64 views

CVE-2022-28440

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.

8.8CVSS8.8AI score0.00885EPSS

CVE•added 2018/12/30 9:29 p.m.•39 views

CVE-2018-20598

UCMS 1.4.7 has ?do=user_addpost CSRF.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2018/12/30 9:29 p.m.•37 views

CVE-2018-20599

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.

8.8CVSS9AI score0.00873EPSS

CVE•added 2022/10/14 5:15 p.m.•37 views

CVE-2022-42234

There is a file inclusion vulnerability in the template management module in UCMS 1.6

8.8CVSS8.6AI score0.00084EPSS

CVE•added 2018/09/14 7:29 a.m.•33 views

CVE-2018-17037

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.

8.8CVSS8.7AI score0.00377EPSS

CVE•added 2018/11/22 5:29 a.m.•33 views

CVE-2018-19437

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $COOKIE['admin '.cookiehash] is used for arbitrary cookie values that are set and not empty.

8.8CVSS8.4AI score0.00314EPSS

CVE•added 2019/05/21 4:29 p.m.•33 views

CVE-2019-12251

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.

8.8CVSS9.1AI score0.00257EPSS