imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Code Injection
RCE
PHP
Imcat
NVD
GitHub
CVSS 3.0
9.8
EPSS
2.4%
Jspxcms v9.0.0 allows SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SSRF
Jspxcms
NVD
CVSS 3.0
9.8
EPSS
1.1%