CVE-2018-17035
CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.
Affected Platforms (CPE)
📦
Ucms Project
返回 CVE 浏览器
相关漏洞威胁
CVE-2020-57579.8
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated r...
CVE-2020-254839.8
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can g...
CVE-2018-170369.8
An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to ...
CVE-2020-255379.8
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server managem...