Security Vulnerabilities - CVEs Published In 2018
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-30
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-12-30
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-30
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file.
CVSS Score
4.9
EPSS Score
0.004
Published
2018-12-30
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-12-30
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
CVSS Score
7.5
EPSS Score
0.07
Published
2018-12-30
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
CVSS Score
5.3
EPSS Score
0.034
Published
2018-12-30
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
CVSS Score
7.5
EPSS Score
0.636
Published
2018-12-30
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
CVSS Score
5.3
EPSS Score
0.034
Published
2018-12-30
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.
CVSS Score
4.9
EPSS Score
0.008
Published
2018-12-30