Skip to main content

Ucms CVE-2022-42234

HIGH
Files or Directories Accessible to External Parties (CWE-552)
2022-10-14 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 14, 2022 - 17:15 nvd
HIGH 8.8

DescriptionNVD

There is a file inclusion vulnerability in the template management module in UCMS 1.6

AnalysisAI

There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-552. There is a file inclusion vulnerability in the template management module in UCMS 1.6 Affected products include: Ucms Project Ucms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ucms

View all
CVE-2022-38297 CRITICAL POC
9.8 Sep 12

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical seve

CVE-2022-35426 CRITICAL POC
9.8 Aug 10

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this

CVE-2020-25537 CRITICAL POC
9.8 Nov 30

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain serv

CVE-2020-25483 CRITICAL POC
9.8 Oct 23

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an atta

CVE-2018-17036 CRITICAL POC
9.8 Sep 14

An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi

CVE-2018-17035 CRITICAL POC
9.8 Sep 14

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severi

CVE-2022-28440 HIGH POC
8.8 Apr 21

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. R

CVE-2019-12251 HIGH POC
8.8 May 21

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. Rated hi

CVE-2018-20599 HIGH POC
8.8 Dec 30

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileed

CVE-2018-20598 HIGH POC
8.8 Dec 30

UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no aut

CVE-2018-19437 HIGH POC
8.8 Nov 22

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash]

CVE-2018-17037 HIGH POC
8.8 Sep 14

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superu

Share

CVE-2022-42234 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy