CVE-2020-20392
CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
Affected Platforms (CPE)
📦
Txjia
返回 CVE 瀏覽器
相關漏洞威脅
CVE-2019-149689.8
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
CVE-2021-353709.8
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
CVE-2018-206059.8
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
CVE-2020-221208.8
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attacker...