Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Txjia Subscribe
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35370 1 Txjia 1 Imcat 2023-03-06 N/A 9.8 CRITICAL
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
CVE-2021-35369 1 Txjia 1 Imcat 2023-03-06 N/A 6.5 MEDIUM
Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.
CVE-2021-36444 1 Txjia 1 Imcat 2023-02-09 N/A 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
CVE-2021-36443 1 Txjia 1 Imcat 2023-02-09 N/A 8.8 HIGH
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
CVE-2020-22120 1 Txjia 1 Imcat 2022-10-26 6.5 MEDIUM 8.8 HIGH
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
CVE-2020-20392 1 Txjia 1 Imcat 2021-06-25 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
CVE-2020-23520 1 Txjia 1 Imcat 2020-12-10 6.5 MEDIUM 7.2 HIGH
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
CVE-2019-14968 1 Txjia 1 Imcat 2019-08-15 7.5 HIGH 9.8 CRITICAL
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
CVE-2019-8436 1 Txjia 1 Imcat 2019-02-19 3.5 LOW 5.4 MEDIUM
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
CVE-2018-20609 1 Txjia 1 Imcat 2019-01-09 5.0 MEDIUM 5.3 MEDIUM
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
CVE-2018-20608 1 Txjia 1 Imcat 2019-01-09 5.0 MEDIUM 7.5 HIGH
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
CVE-2018-20607 1 Txjia 1 Imcat 2019-01-09 5.0 MEDIUM 5.3 MEDIUM
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
CVE-2018-20605 1 Txjia 1 Imcat 2019-01-09 7.5 HIGH 9.8 CRITICAL
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
CVE-2018-20606 1 Txjia 1 Imcat 2019-01-09 5.0 MEDIUM 7.5 HIGH
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
CVE-2018-20611 1 Txjia 1 Imcat 2019-01-09 4.3 MEDIUM 6.1 MEDIUM
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.
CVE-2018-20610 1 Txjia 1 Imcat 2019-01-07 4.0 MEDIUM 4.9 MEDIUM
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.