
peacexie/imcat
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 6.5 MEDIUM | — | Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2, fixed in v.5.4, allows attackers to obtain sensitive information via the filtering_get_contents function. |
| | | 9.8 CRITICAL | — | An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. |
| | | 8.8 HIGH | — | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. |
| | | 8.8 HIGH | — | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. |
| | | 8.8 HIGH | 6.5 MEDIUM | A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. |
| | | 9.8 CRITICAL | 7.5 HIGH | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. |
| | | 7.2 HIGH | 6.5 MEDIUM | imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. |
| | | — | 7.5 HIGH | An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. |
| | | — | 3.5 LOW | imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. |