Known Vulnerabilities for products from Ucms Project

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Ucms Project".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-25809 UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() functi... 5.3 - MEDIUM 2021-07-23 2021-08-03
CVE-2020-25537 File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server ma... 9.8 - CRITICAL 2020-11-30 2020-12-04
CVE-2020-25483 An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker ... 9.8 - CRITICAL 2020-10-23 2021-07-21
CVE-2020-24981 An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an erro... 5.3 - MEDIUM 2020-09-04 2021-07-21
CVE-2020-20781 A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute a... 5.4 - MEDIUM 2021-09-29 2021-10-03
CVE-2019-12251 sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. 8.8 - HIGH 2019-05-21 2019-05-21
CVE-2018-20601 UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. 4.8 - MEDIUM 2018-12-30 2019-01-04
CVE-2018-20600 sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. 6.1 - MEDIUM 2018-12-30 2019-01-04
CVE-2018-20599 UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit ac... 8.8 - HIGH 2018-12-30 2019-01-04
CVE-2018-20598 UCMS 1.4.7 has ?do=user_addpost CSRF. 8.8 - HIGH 2018-12-30 2019-01-04
CVE-2018-20597 UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. 4.8 - MEDIUM 2018-12-30 2019-01-04
CVE-2018-19437 UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is us... 8.8 - HIGH 2018-11-22 2019-10-03
CVE-2018-17320 An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aadd... 6.1 - MEDIUM 2018-09-21 2018-11-13
CVE-2018-17037 user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser l... 8.8 - HIGH 2018-09-14 2019-10-03
CVE-2018-17036 An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to ins... 9.8 - CRITICAL 2018-09-14 2018-11-07
CVE-2018-17035 UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. 9.8 - CRITICAL 2018-09-14 2018-11-07
CVE-2018-17034 UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. 6.1 - MEDIUM 2018-09-14 2018-11-07
CVE-2018-16804 An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. 6.1 - MEDIUM 2019-03-07 2019-03-08

Known software with vulnerabilities from Ucms Project

Type Vendor Product Version
ApplicationUcms ProjectUcms1.0

Popular searches for "Ucms Project"

PAST PROJECTS - TROPA UCM - Researching climate variability

? ;PAST PROJECTS - TROPA UCM - Researching climate variability Title of the project: Determination of coastal upwelling over NW Africa from nautical navigation data 1700 onwards Reference: CGL2015-72164-EXP. Title of the project: Impact of the MJO on West Africa in the CMIP5 simulations Reference : COOPA20025. Title of the project: Multiscale Climate Variability. Title of the project: Tropical Atlantic variability and the Climate Shift TRACS Reference :CGL2009-10285.

Climate variability Principal investigator Quantity Climate Upwelling Coupled Model Intercomparison Project Navigation Climate change Complutense University of Madrid Tropical Atlantic Africa West Africa Data Computer simulation Project Predictability Spanish language Statistical dispersion Spanish National Research Council European Union


UNIT 1 Project Title: RD06/0008 Red espaola de investigacin en patologa infecciosa REIPI Coordinator: Pachn Daz, Jernimo. Project PI: Concha Gil. Funded by: CICYT, BIO2009-07654. Project PI: Concha Gil Proteored Node 1: UCM-Parque Cientfico .

Complutense University of Madrid Integrism (Spain) Spain Community of Madrid Candida albicans Nombela Científico Sergio Pachón David Concha Midfielder Aspergillus fumigatus Jerónimo Morales Neumann Carles Gil Alejandro Pachón Parraga Jerome of Périgord Cata Díaz Mariano Martín César Rodríguez Álvarez Candidiasis Santiago Ramón y Cajal