Skip to main content
CVE-2018-16731 CRITICAL POC Act Now

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cscms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-16724 CRITICAL POC Act Now

An issue is discovered in baijiacms V4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baijiacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-16725 MEDIUM POC This Month

An issue is discovered in baijiacms V4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Baijiacms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16732 HIGH This Week

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16715 HIGH This Week

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ctes Windows Agent
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-16733 HIGH PATCH This Week

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-16730 MEDIUM This Month

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Cscms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy