Skip to main content
CVE-2017-14396 CRITICAL POC PATCH Act Now

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Osticket
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-14346 CRITICAL POC Act Now

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Blog
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-14345 CRITICAL POC Act Now

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8015 CRITICAL Act Now

EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Appsync
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-14397 CRITICAL Act Now

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Code Injection Anydesk
NVD
CVSS 3.0
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy