An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.