Skip to main content
CVE-2018-20605 CRITICAL POC Act Now

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Imcat
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-20613 HIGH POC This Week

TEMMOKU T1.09 Beta allows admin/user/add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Temmoku
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20612 HIGH POC This Week

UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Universal Website Asthis
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20603 HIGH POC This Week

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Lei Feng Tv Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20599 HIGH POC This Week

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20598 HIGH POC This Week

UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20595 HIGH POC PATCH This Week

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java CSRF Hsweb
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-20614 HIGH POC This Week

public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cim
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-20608 HIGH POC THREAT This Week

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
7.5
EPSS
12.4%
CVE-2018-20606 HIGH POC This Week

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-20602 HIGH POC This Week

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Lei Feng Tv Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-20591 MEDIUM POC This Month

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20588 MEDIUM POC This Month

lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Otfcc
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20584 MEDIUM POC PATCH This Month

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Debian Linux Outside In Technology
NVD GitHub
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-20611 MEDIUM POC This Month

imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-20600 MEDIUM POC This Month

sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20594 MEDIUM POC PATCH This Month

An issue was discovered in hsweb 3.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hsweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-20583 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Commonmark
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-20596 CRITICAL Act Now

Jspxcms v9.0.0 allows SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jspxcms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20593 MEDIUM POC This Month

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mini Xml Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-20592 MEDIUM POC This Month

In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Mini Xml Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-20609 MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-20607 MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-20610 MEDIUM POC This Month

imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Imcat
NVD GitHub
CVSS 3.0
4.9
EPSS
1.9%
CVE-2018-20604 MEDIUM POC This Month

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Lei Feng Tv Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.4%
CVE-2018-20601 MEDIUM POC This Month

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20597 MEDIUM POC This Month

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20590 MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-20589 MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy