Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'UCMS'
2021-09-29
CVE-2020-20781
CWE-79
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
2020-11-30
CVE-2020-25537
CWE-434
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
2020-09-04
CVE-2020-24981
CWE-863
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.
2019-05-21
CVE-2019-12251
CWE-89
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
2019-03-07
CVE-2018-16804
CWE-79
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
2018-12-30
CVE-2018-20601
CWE-79
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
CVE-2018-20600
CWE-79
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
CVE-2018-20599
CWE-94
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
CVE-2018-20598
CWE-352
UCMS 1.4.7 has ?do=user_addpost CSRF.
CVE-2018-20597
CWE-79
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'UCMS' 
Polish
English