Ulicms

ulicms

7 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-53925 1Ulicms 1Ulicms Dec 27, 2025 Dec 17, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interfac...Show more UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users.Show less
CVE-2023-53924 1Ulicms 1Ulicms Dec 18, 2025 Dec 17, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution...Show more UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution through maliciously crafted avatar uploads.Show less
CVE-2023-53923 1Ulicms 1Ulicms Dec 18, 2025 Dec 17, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/...Show more UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.Show less
CVE-2023-53914 1Ulicms 1Ulicms Dec 24, 2025 Dec 17, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the ad...Show more UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.Show less
CVE-2020-12704 1Ulicms 1Ulicms Nov 21, 2024 May 7, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 UliCMS before 2020.2 has PageController stored XSS.
CVE-2020-12703 1Ulicms 1Ulicms Nov 21, 2024 May 7, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 UliCMS before 2020.2 has XSS during PackageController uninstall.
CVE-2019-11398 1Ulicms 1Ulicms Nov 21, 2024 May 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?...Show more Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.Show less