Skip to main content
CVE-2017-14760 CRITICAL POC Act Now

SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Event Espresso Lite
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-14764 HIGH POC This Week

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Genixcms
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-14763 HIGH POC This Week

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Genixcms
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14766 HIGH POC This Week

The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Simple Student Result
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-14765 MEDIUM POC This Month

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Genixcms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14762 MEDIUM POC This Month

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Genixcms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14761 MEDIUM POC This Month

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Genixcms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14753 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14767 HIGH PATCH This Week

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy