CRITICAL🇬🇧 English

CVE-2022-38297

CVSS 9.8v3.1pub. 2022-09-12upd. 2024-11-21

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ucms Project Ucms

    APP
    Ucms Project
    1.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-35426CRITICAL9.8ten sam produkt

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.

CVE-2022-28443CRITICAL9.1ten sam produkt

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.

CVE-2020-25537CRITICAL9.8ten sam produkt

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to o...

CVE-2020-25483CRITICAL9.8ten sam produkt

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, whe...

CVE-2018-17035CRITICAL9.8ten sam produkt

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

CVE-2022-38297 — CRITICAL 9.8 | CVEbaza.pl