Skip to main content
CVE-2018-10519 HIGH POC This Week

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cms Made Simple
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-10503 HIGH POC This Week

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-10504 HIGH POC This Week

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Form Maker
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.7%
CVE-2018-7669 HIGH POC THREAT This Week

An issue was discovered in Sitecore Sitecore.NET 8.1 rev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sitecore Net
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.5%
CVE-2018-10517 HIGH POC THREAT This Week

In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cms Made Simple
NVD Exploit-DB GitHub
CVSS 3.0
7.2
EPSS
12.2%
CVE-2018-10515 HIGH POC This Week

In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cms Made Simple
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-1479 HIGH PATCH This Week

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Bigfix Platform
NVD
CVSS 3.0
8.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy