Search Results | AttackerKB

38 Total Results

Displaying 21-30 of 38

Attacker Value

Unknown

CVE-2020-25537

Disclosure Date: November 30, 2020 (last updated February 22, 2025)

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.

Attacker Value

Unknown

CVE-2020-25483

Disclosure Date: October 23, 2020 (last updated February 22, 2025)

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-24981

Disclosure Date: September 04, 2020 (last updated November 28, 2024)

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2019-12251

Disclosure Date: May 21, 2019 (last updated November 27, 2024)

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.

Attacker Value

Unknown

CVE-2018-16804

Disclosure Date: March 07, 2019 (last updated November 27, 2024)

An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.

Attacker Value