Skip to main content

Imcat

10 CVEs product

Monthly

CVE-2020-23520 HIGH POC This Week

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Imcat
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2019-14968 CRITICAL POC Act Now

An issue was discovered in imcat 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Imcat
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-8436 MEDIUM POC This Month

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20611 MEDIUM POC This Month

imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-20610 MEDIUM POC This Month

imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Imcat
NVD GitHub
CVSS 3.0
4.9
EPSS
1.9%
CVE-2018-20609 MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-20608 HIGH POC THREAT This Week

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
7.5
EPSS
12.4%
CVE-2018-20607 MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-20606 HIGH POC This Week

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-20605 CRITICAL POC Act Now

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Imcat
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
EPSS 2% CVSS 7.2
HIGH POC This Week

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Imcat
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in imcat 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Imcat
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM POC This Month

imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Imcat
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
EPSS 12% CVSS 7.5
HIGH POC THREAT This Week

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy