Skip to main content
CVE-2018-19422 HIGH POC PATCH THREAT Act Now

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Subrion Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
64.3%
CVE-2018-19416 HIGH POC This Week

An issue was discovered in sysstat 12.1.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sysstat
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-19423 HIGH POC THREAT This Week

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Codiad
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
18.0%
CVE-2018-19404 HIGH POC This Week

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Yxcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.6%
CVE-2018-19411 HIGH This Week

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Prtg Network Monitor
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-19424 HIGH This Week

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Clippercms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy