Skip to main content

Ucms

26 CVEs product

Monthly

CVE-2023-5015 MEDIUM POC This Month

A vulnerability was found in UCMS 1.4.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2294 MEDIUM POC This Month

A vulnerability was found in UCMS 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1303 CRITICAL Act Now

A vulnerability was found in UCMS 1.6 and classified as critical.php of the component System File Management Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Ucms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-42234 HIGH POC This Week

There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Ucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-38527 MEDIUM POC This Month

UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38297 CRITICAL POC Act Now

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-35426 CRITICAL POC Act Now

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28444 HIGH POC This Week

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ucms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-28443 CRITICAL Act Now

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ucms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-28440 HIGH POC This Week

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ucms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-25809 MEDIUM POC This Month

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ucms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-25537 CRITICAL POC Act Now

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-25483 CRITICAL POC Act Now

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2020-24981 MEDIUM POC This Month

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ucms
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-12251 HIGH POC This Week

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-20601 MEDIUM POC This Month

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20600 MEDIUM POC This Month

sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20599 HIGH POC This Week

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20598 HIGH POC This Week

UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20597 MEDIUM POC This Month

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19437 HIGH POC This Week

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-17320 MEDIUM This Month

An issue was discovered in UCMS 1.4.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17037 HIGH POC This Week

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-17036 CRITICAL POC Act Now

An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2018-17035 CRITICAL POC Act Now

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-17034 MEDIUM POC This Month

UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A vulnerability was found in UCMS 1.4.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ucms
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A vulnerability was found in UCMS 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ucms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in UCMS 1.6 and classified as critical.php of the component System File Management Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Ucms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Ucms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ucms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ucms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ucms
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ucms
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ucms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ucms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ucms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in UCMS 1.4.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ucms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ucms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy