Vulnerabilities for 'UCMS'
2021-09-29
CVE-2020-20781
CWE-79
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
2020-11-30
CVE-2020-25537
CWE-434
A file upload vulnerability exists in UCMS 1.5.0; an attacker can take advantage of this vulnerability to obtain server management permission.
2020-09-04
CVE-2020-24981
CWE-863
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in an information leak via an error message caused by directly accessing the website built by UCMS.
2019-05-21
CVE-2019-12251
CWE-89
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
2019-03-07
CVE-2018-16804
CWE-79
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
2018-12-30
CVE-2018-20601
CWE-79
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
CVE-2018-20600
CWE-79
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
CVE-2018-20599
CWE-94
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
CVE-2018-20598
CWE-352
UCMS 1.4.7 has ?do=user_addpost CSRF.
CVE-2018-20597
CWE-79
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Copyright 2024, cxsecurity.com