imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-12-30
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
CVSS Score
7.5
EPSS Score
0.07
Published
2018-12-30
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
CVSS Score
5.3
EPSS Score
0.034
Published
2018-12-30
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
CVSS Score
7.5
EPSS Score
0.636
Published
2018-12-30
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
CVSS Score
5.3
EPSS Score
0.034
Published
2018-12-30
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.
CVSS Score
4.9
EPSS Score
0.008
Published
2018-12-30
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-30