Every CVE whose affected-product data names Txjia Imcat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2019-14968 — CVSS 9.8 (critical): An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
CVE-2018-20605 — CVSS 9.8 (critical): imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
CVE-2021-35370 — CVSS 9.8 (critical): An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
CVE-2021-36444 — CVSS 8.8 (high): Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token…
CVE-2020-22120 — CVSS 8.8 (high): A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to…
CVE-2021-36443 — CVSS 8.8 (high): Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
CVE-2018-20608 — CVSS 7.5 (high): imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
CVE-2020-23520 — CVSS 7.2 (high): imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
CVE-2021-35369 — CVSS 6.5 (medium): Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the…
CVE-2018-20607 — CVSS 5.3 (medium): imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
CVE-2018-20609 — CVSS 5.3 (medium): imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.