Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-24
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-02-24
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-02-03
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-02-03
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.024
Published
2021-08-18
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-06-23
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
CVSS Score
7.2
EPSS Score
0.025
Published
2020-12-09
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-08-12
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-02-18
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-12-30
Page 1