Skip to main content
CVE-2018-11032 CRITICAL POC Act Now

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phprap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-11031 CRITICAL POC Act Now

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Phprap
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-11091 CRITICAL Act Now

An issue was discovered in MyBiz MyProcureNet 5.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Myprocurenet
NVD VulDB
CVSS 3.1
9.9
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy