Skip to main content
CVE-2018-19180 CRITICAL POC Act Now

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Yunucms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-19135 HIGH POC This Week

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload CSRF Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-19181 HIGH POC This Week

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yunucms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-19168 CRITICAL Act Now

Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Command Injection Fruitywifi
NVD GitHub
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-19178 MEDIUM POC This Month

In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19170 MEDIUM POC This Month

In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tomcat Jpress
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19143 MEDIUM PATCH This Month

Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Open Ticket Request System Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-19142 MEDIUM This Month

Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Ticket Request System
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-19141 MEDIUM PATCH This Month

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Open Ticket Request System Debian Linux
NVD
CVSS 3.0
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy