Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Imcat
(Txjia)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-03 | CVE-2021-36444 | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | Imcat | 8.8 | ||
| 2019-08-12 | CVE-2019-14968 | An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. | Imcat | 9.8 | ||
| 2019-02-17 | CVE-2019-8436 | imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | Imcat | 5.4 | ||
| 2018-12-30 | CVE-2018-20611 | imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | Imcat | 6.1 | ||
| 2018-12-30 | CVE-2018-20610 | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | Imcat | 4.9 | ||
| 2018-12-30 | CVE-2018-20609 | imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | Imcat | 5.3 | ||
| 2018-12-30 | CVE-2018-20608 | imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | Imcat | 7.5 | ||
| 2018-12-30 | CVE-2018-20607 | imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | Imcat | 5.3 | ||
| 2018-12-30 | CVE-2018-20606 | imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | Imcat | 7.5 | ||
| 2018-12-30 | CVE-2018-20605 | imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | Imcat | 9.8 |