Skip to main content
CVE-2018-19437 HIGH POC This Week

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-19459 HIGH POC This Week

Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Adult Filter
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.0%
CVE-2018-19458 HIGH POC THREAT This Week

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Php Proxy
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
32.9%
CVE-2018-19457 HIGH POC This Week

Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Faq Script
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
3.9%
CVE-2018-19436 HIGH POC This Week

An issue was discovered in the Manufacturing component in webERP 4.15. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Weberp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-19435 HIGH POC This Week

An issue was discovered in the Sales component in webERP 4.15. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Weberp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-19434 HIGH POC This Week

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Weberp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-19463 HIGH This Week

zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE PHP Z Blogphp
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy