Ucms
CVE-2022-42234
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
There is a file inclusion vulnerability in the template management module in UCMS 1.6
AnalysisAI
There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-552. There is a file inclusion vulnerability in the template management module in UCMS 1.6 Affected products include: Ucms Project Ucms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical seve
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain serv
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an atta
An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severi
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. R
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. Rated hi
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileed
UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no aut
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash]
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superu
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today