Skip to main content

Mkcms

3 CVEs product

Monthly

CVE-2019-11332 HIGH POC This Week

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mkcms
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-11078 HIGH POC This Week

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Mkcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-10707 CRITICAL POC Act Now

MKCMS V5.0 has SQL injection via the bplay.php play parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mkcms
NVD
CVSS 3.0
9.8
EPSS
1.5%
EPSS 2% CVSS 8.8
HIGH POC This Week

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mkcms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Mkcms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

MKCMS V5.0 has SQL injection via the bplay.php play parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mkcms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy