Skip to main content
CVE-2017-9363 CRITICAL POC Act Now

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE Iam
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2017-9364 CRITICAL POC PATCH Act Now

Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Bigtree Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-9360 CRITICAL Act Now

WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Websitebaker
NVD
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy