Skip to main content
CVE-2018-20572 CRITICAL POC Act Now

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20577 CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
9.1
EPSS
0.6%
CVE-2018-5204 CRITICAL Act Now

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Ml Report
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-5203 CRITICAL Act Now

DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dextuploadx5
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-20569 CRITICAL Act Now

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass PHP Generic Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20568 CRITICAL PATCH Act Now

Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Authentication Bypass PHP Generic Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-1000631 CRITICAL Act Now

Battelle V2I Hub 3.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000628 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-1000627 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000626 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-1000625 CRITICAL Act Now

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy