Skip to main content
CVE-2018-19135 HIGH POC This Week

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload CSRF Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-19181 HIGH POC This Week

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yunucms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy