Skip to main content
CVE-2017-17731 CRITICAL POC THREAT Emergency

DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.2%.

SQLi PHP Dedecms
NVD
CVSS 3.0
9.8
EPSS
90.2%
Threat
6.2
CVE-2017-17733 CRITICAL POC THREAT Emergency

Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.8%.

PHP Information Disclosure Maccms
NVD
CVSS 3.0
9.8
EPSS
31.8%
Threat
4.4
CVE-2017-17739 CRITICAL POC THREAT Emergency

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

Path Traversal 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
Threat
4.1
CVE-2017-17721 CRITICAL POC Act Now

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Beims Contractorweb Net
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.9%
CVE-2017-17651 CRITICAL POC Act Now

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Paid To Read Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17645 CRITICAL POC Act Now

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bus Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17643 CRITICAL POC Act Now

FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lynda Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17730 CRITICAL POC Act Now

DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dedecms
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17735 CRITICAL Act Now

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cms Made Simple
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17734 CRITICAL Act Now

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cms Made Simple
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy