Skip to main content
CVE-2018-15168 CRITICAL POC Act Now

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-15137 CRITICAL POC THREAT Act Now

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Clr M20 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
18.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy