Skip to main content
CVE-2018-8972 HIGH POC This Week

Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cwcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-8969 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-8968 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-8966 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-8965 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-8970 HIGH PATCH This Week

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Libressl
NVD GitHub
CVSS 3.0
7.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy