Txjia Imcat vulnerabilities
16 known vulnerabilities affecting txjia/imcat.
Total CVEs: 16
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 6, MEDIUM 6
Vulnerabilities
CVE-2018-20608 | P2 | HIGH | CVSS 7.5 | PoC | v4.4 | 2018-12-30
CWE-200
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
nvd
CVE-2018-20605 | P3 | CRITICAL | CVSS 9.8 | v4.4 | 2018-12-30
CWE-94
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
nvd
CVE-2020-22120 | P3 | HIGH | CVSS 8.8 | v5.1 | 2021-08-18
CWE-94
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
nvd
CVE-2019-14968 | P3 | CRITICAL | CVSS 9.8 | v4.9 | 2019-08-12
CWE-89
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
nvd
CVE-2020-20392 | P3 | CRITICAL | CVSS 9.8 | v5.2 | 2021-06-23
CWE-89
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
nvd
CVE-2021-35370 | P3 | CRITICAL | CVSS 9.8 | v5.4 | 2023-02-24
CWE-20
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
nvd
CVE-2020-23520 | P3 | HIGH | CVSS 7.2 | v5.2 | 2020-12-09
CWE-434
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
nvd
CVE-2021-36444 | P3 | HIGH | CVSS 8.8 | v5.4 | 2023-02-03
CWE-352
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page.
nvd
CVE-2018-20606 | P3 | HIGH | CVSS 7.5 | v4.4 | 2018-12-30
CWE-200
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
nvd
CVE-2021-36443 | P3 | HIGH | CVSS 8.8 | v5.4 | 2023-02-03
CWE-352
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
nvd
CVE-2021-35369 | P4 | MEDIUM | CVSS 6.5 | v5.2, v5.3 | 2023-02-24
CWE-125
Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.
nvd
CVE-2018-20610 | P4 | MEDIUM | CVSS 4.9 | v4.4 | 2018-12-30
CWE-22
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.
nvd
CVE-2018-20607 | P4 | MEDIUM | CVSS 5.3 | v4.4 | 2018-12-30
CWE-200
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
nvd
CVE-2018-20609 | P4 | MEDIUM | CVSS 5.3 | v4.4 | 2018-12-30
CWE-200
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
nvd
CVE-2019-8436 | P4 | MEDIUM | CVSS 5.4 | v4.5 | 2019-02-18
CWE-79
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
nvd
CVE-2018-20611 | P4 | MEDIUM | CVSS 6.1 | v4.4 | 2018-12-30
CWE-79
imcat 4.4 allows XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.
nvd