RSS   Vulnerabilities for 'Imcat'   RSS

2021-08-18
 
CVE-2020-22120

CWE-94
 

 
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

 
2021-06-23
 
CVE-2020-20392

CWE-89
 

 
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

 
2020-12-09
 
CVE-2020-23520

CWE-434
 

 
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.

 
2019-08-12
 
CVE-2019-14968

CWE-89
 

 
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

 
2019-02-17
 
CVE-2019-8436

CWE-79
 

 
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

 
2018-12-30
 
CVE-2018-20611

CWE-79
 

 
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.

 
 
CVE-2018-20610

CWE-22
 

 
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.

 
 
CVE-2018-20609

CWE-200
 

 
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.

 
 
CVE-2018-20608

CWE-200
 

 
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.

 
 
CVE-2018-20607

CWE-200
 

 
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.

 


Copyright 2024, cxsecurity.com

 

Back to Top