Skip to main content
CVE-2018-19180 CRITICAL POC Act Now

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Yunucms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-19168 CRITICAL Act Now

Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Command Injection Fruitywifi
NVD GitHub
CVSS 3.0
9.8
EPSS
6.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy