Filtered by vendor Usualtool
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-6244 | 1 Usualtool | 1 Usualtoolcms | 2019-01-24 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. | |||||
CVE-2018-20128 | 1 Usualtool | 1 Usualtoolcms | 2019-01-04 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring. | |||||
CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2018-11-30 | 6.8 MEDIUM | 8.8 HIGH |
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. |