Skip to main content
CVE-2015-5681 HIGH POC This Week

Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP File Upload Powerplay Gallery
NVD
CVSS 2.0
7.5
EPSS
7.8%
CVE-2015-6519 HIGH POC This Week

SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Arab Portal
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.0%
CVE-2015-5599 HIGH POC This Week

Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Powerplay Gallery
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-6513 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi J2Store
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-4426 HIGH POC This Week

SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pimcore
NVD GitHub
CVSS 2.0
7.5
EPSS
0.0%
CVE-2015-5501 HIGH This Week

The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Apache Hostmaster
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-5502 HIGH PATCH This Week

The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Storage Api
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-5504 HIGH PATCH This Week

SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Novalnet Payment Module Ubercart
NVD
CVSS 2.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy