← Back

Mkcms

mkcms

Vendor: Mkcms Project • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-22820
1Mkcms Project
1Mkcms
May 5, 2025
Nov 3, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
CVE-2020-22819
1Mkcms Project
1Mkcms
May 5, 2025
Nov 3, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
CVE-2020-22818
1Mkcms Project
1Mkcms
May 5, 2025
Nov 3, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
CVE-2019-11332
1Mkcms Project
1Mkcms
Jun 17, 2026
Apr 18, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
CVE-2019-11078
1Mkcms Project
1Mkcms
Jun 17, 2026
Apr 11, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.
CVE-2019-10707
1Mkcms Project
1Mkcms
Jun 17, 2026
Apr 2, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
MKCMS V5.0 has SQL injection via the bplay.php play parameter.