Skip to main content
CVE-2018-17936 CRITICAL POC THREAT Emergency

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nuuo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
15.3%
CVE-2018-13354 CRITICAL POC THREAT Act Now

System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Terramaster Operating System
NVD
CVSS 3.0
9.8
EPSS
22.9%
CVE-2018-13350 CRITICAL POC THREAT Act Now

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Terramaster Operating System
NVD
CVSS 3.0
9.8
EPSS
16.7%
CVE-2018-13338 CRITICAL POC THREAT Act Now

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Terramaster Operating System
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2018-13336 CRITICAL POC Act Now

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Terramaster Operating System
NVD
CVSS 3.0
9.8
EPSS
9.1%
CVE-2018-17934 CRITICAL POC THREAT Act Now

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Nuuo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
19.7%
CVE-2018-13316 CRITICAL POC Act Now

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002ru Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-13314 CRITICAL POC Act Now

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002ru Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-13307 CRITICAL POC Act Now

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002ru Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-13306 CRITICAL POC Act Now

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002ru Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-19595 CRITICAL POC Act Now

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Pbootcms
NVD
CVSS 3.0
9.8
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy