Skip to main content
CVE-2014-5519 HIGH POC THREAT Act Now

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.6%.

RCE PHP Code Injection Phpwiki
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.6%
Threat
5.5
CVE-2014-2223 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE PHP Code Injection File Upload Plogger
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.4%
CVE-2014-6235 HIGH POC PATCH This Week

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Ke Dompdf
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
9.4%
CVE-2014-6236 HIGH PATCH This Week

Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Lumonet Php Include
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-6231 HIGH PATCH This Week

Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Cwt Frontend Edit
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-6241 HIGH PATCH This Week

SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wt Directory
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-6233 HIGH PATCH This Week

SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Flat Manager
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-6239 HIGH PATCH This Week

SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Google Address Visualization With Google Maps
NVD
CVSS 2.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy