Vulnerabilities for 'Mkcms'

2019-04-18
 
CVE-2019-11332

CWE-287
 

 
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.

 
2019-04-10
 
CVE-2019-11078

CWE-352
 

 
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.

 
2019-04-02
 
CVE-2019-10707

CWE-89
 

 
MKCMS V5.0 has SQL injection via the bplay.php play parameter.

 


Copyright 2024, cxsecurity.com

 
