U5cms Security Vulnerabilities and Issues — U5cms CVE List

Lucene search

YubaU5cms

4 matches found

CVE•added 2015/02/11 7:59 p.m.•64 views

CVE-2015-1577

Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.

6.4CVSS7AI score0.103EPSS

CVE•added 2015/02/11 7:59 p.m.•52 views

CVE-2015-1576

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ pa...

7.5CVSS8.8AI score0.00826EPSS

CVE•added 2015/02/11 7:59 p.m.•48 views

CVE-2015-1575

Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete....

4.3CVSS5.8AI score0.04307EPSS

CVE•added 2015/02/11 7:59 p.m.•43 views

CVE-2015-1578

Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php.

5.8CVSS7AI score0.03894EPSS