ucms project

Top products

The 15 most recently published vulnerabilities affecting ucms project.

• CVE-2023-5015UCMS cross site scripting3.5Sep 17, 2023
• CVE-2023-2294UCMS Column Configuration saddpost.php cross site scripting3.5Apr 26, 2023
• CVE-2023-1303UCMS System File Management Module fileedit.php unrestricted upload6.3Mar 9, 2023
• CVE-2022-42234There is a file inclusion vulnerability in the template management module in UCMS 1.68.8Oct 14, 2022
• CVE-2022-38527UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.6.1Sep 19, 2022
• CVE-2022-38297UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.9.8Sep 12, 2022
• CVE-2022-35426UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.9.8Aug 9, 2022
• CVE-2022-28440An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.8.8Apr 21, 2022
• CVE-2022-28444UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.7.5Apr 21, 2022
• CVE-2022-28443UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.9.1Apr 21, 2022
• CVE-2020-20781A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key wor...5.4Sep 29, 2021
• CVE-2021-25809UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.5.3Jul 23, 2021
• CVE-2020-25537File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.9.8Nov 30, 2020
• CVE-2020-25483An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.9.8Oct 23, 2020
• CVE-2020-24981An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.5.3Sep 4, 2020