Mkcms
Monthly
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MKCMS V5.0 has SQL injection via the bplay.php play parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MKCMS V5.0 has SQL injection via the bplay.php play parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.