Ucms Project: Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-09-29

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2021-07-23

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-11-30

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVSS Score: 9.8 | EPSS Score: 0.491 | Published: 2020-10-23

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-09-04

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-05-21

An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-03-07

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-12-30

UCMS 1.4.7 has ?do=user_addpost CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-12-30

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2018-12-30