Skip to main content
CVE-2016-8870 HIGH POC PATCH THREAT Act Now

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 91.5%.

PHP Information Disclosure Joomla
NVD GitHub Exploit-DB
CVSS 3.0
8.1
EPSS
91.5%
Threat
5.9
CVE-2016-9187 HIGH POC This Week

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Moodle
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-9186 HIGH POC This Week

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Moodle
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-9177 HIGH POC PATCH This Week

Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Spark
NVD GitHub
CVSS 3.0
7.5
EPSS
5.5%
CVE-2016-9190 HIGH PATCH This Week

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Authentication Bypass Pillow Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-9184 HIGH PATCH This Week

In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Information Disclosure Exponent Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-9183 HIGH PATCH This Week

In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP SQLi Information Disclosure Exponent Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-9182 HIGH PATCH This Week

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Exponent Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy