Skip to main content
CVE-2018-16367 CRITICAL POC Act Now

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onlinejudge
NVD GitHub
CVSS 3.0
9.9
EPSS
2.2%
CVE-2018-16352 CRITICAL POC Act Now

There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Weaselcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-16354 CRITICAL Act Now

An issue was discovered in FHCRM through 2018-02-11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Fhcrm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-16353 CRITICAL Act Now

An issue was discovered in FHCRM through 2018-02-11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Fhcrm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy