Skip to main content
CVE-2018-6863 CRITICAL POC Act Now

SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Select Your College Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-6889 HIGH POC This Week

An issue was discovered in Typesetter 5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Typesetter
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.8%
CVE-2018-6860 HIGH POC This Week

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Schools Alert Management Script
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2018-6888 HIGH POC This Week

An issue was discovered in Typesetter 5.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Typesetter
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
2.0%
CVE-2018-6845 MEDIUM POC This Month

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Olx Clone Script
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2018-6893 CRITICAL Act Now

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Finecms
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-6864 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Multireligion Responsive Matrimonial
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6862 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bitcoin Mlm
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6861 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Lawyer Search Script
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-6858 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Facebook Clone Script
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-6881 MEDIUM POC This Month

EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dedecms Empirecms
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2018-6880 MEDIUM POC This Month

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Empirecms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2018-6506 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Minibb
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-6927 HIGH PATCH This Week

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Ubuntu Linux +8
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-6926 HIGH PATCH This Week

In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection PHP Misp
NVD GitHub VulDB
CVSS 3.0
7.2
EPSS
1.7%
CVE-2018-1214 HIGH This Week

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Microsoft Dell Emc Supportassist Enterprise
NVD
CVSS 3.0
7.0
EPSS
0.8%
CVE-2018-6912 MEDIUM This Month

The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Ffmpeg
NVD
CVSS 3.0
6.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy