Skip to main content

U5Cms

7 CVEs product

Monthly

CVE-2022-34937 HIGH POC This Week

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP U5Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-32444 MEDIUM POC This Month

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect U5Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-32442 MEDIUM POC This Month

u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS U5Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2015-1578 MEDIUM POC This Month

Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect U5Cms
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
4.5%
CVE-2015-1577 MEDIUM POC THREAT This Month

Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Path Traversal PHP U5Cms
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
10.3%
CVE-2015-1576 HIGH POC This Week

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi U5Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-1575 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP U5Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.3%
EPSS 1% CVSS 8.8
HIGH POC This Week

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect U5Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS U5Cms
NVD GitHub
EPSS 4% CVSS 5.8
MEDIUM POC This Month

Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect U5Cms
NVD Exploit-DB
EPSS 10% CVSS 6.4
MEDIUM POC THREAT This Month

Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Path Traversal PHP U5Cms
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi U5Cms
NVD Exploit-DB
EPSS 4% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP U5Cms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy