CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
Source: CVE-2018-20597
[월:] 2018년 12월
CVE-2018-20611
CVE-2018-20611
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.
Source: CVE-2018-20611
CVE-2018-20600
CVE-2018-20600
sadmincedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
Source: CVE-2018-20600
CVE-2018-20599
CVE-2018-20599
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
Source: CVE-2018-20599
CVE-2018-20603
CVE-2018-20603
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.
Source: CVE-2018-20603
CVE-2018-20605
CVE-2018-20605
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
Source: CVE-2018-20605
CVE-2018-20612
CVE-2018-20612
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.
Source: CVE-2018-20612
CVE-2018-20609
CVE-2018-20609
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
Source: CVE-2018-20609
CVE-2018-20608
CVE-2018-20608
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
Source: CVE-2018-20608
CVE-2018-20607
CVE-2018-20607
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
Source: CVE-2018-20607