Vulnerabilities for 'Usualtoolcms'

2019-01-11
 
CVE-2019-6244

CWE-352
 

 
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.

 
2018-12-13
 
CVE-2018-20128

CWE-22
 

 
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.

 
2018-10-17
 
CVE-2018-18422

CWE-352
 

 
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.

 


Copyright 2019, cxsecurity.com

 
