Skip to main content
CVE-2013-1412 HIGH POC PATCH THREAT Act Now

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.1%.

RCE PHP Code Injection Datalife Engine
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
85.1%
Threat
5.6
CVE-2014-3935 HIGH POC This Week

SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Glossaire Module
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3934 HIGH POC This Week

SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Nuke Submit News Module
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3932 HIGH POC This Week

SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Endpoint Protector
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-6433 HIGH This Week

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron Ubuntu Linux
NVD
CVSS 2.0
7.6
EPSS
1.6%
CVE-2013-1397 HIGH PATCH This Week

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Symfony
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-1348 HIGH PATCH This Week

The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Symfony
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3937 HIGH PATCH This Week

SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Contextual Related Posts
NVD
CVSS 2.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy