Skip to main content
CVE-2018-20613 HIGH POC This Week

TEMMOKU T1.09 Beta allows admin/user/add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Temmoku
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20612 HIGH POC This Week

UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Universal Website Asthis
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20603 HIGH POC This Week

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Lei Feng Tv Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20599 HIGH POC This Week

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20598 HIGH POC This Week

UCMS 1.4.7 has ?do=user_addpost CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20595 HIGH POC PATCH This Week

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java CSRF Hsweb
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-20614 HIGH POC This Week

public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cim
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-20608 HIGH POC THREAT This Week

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
7.5
EPSS
12.4%
CVE-2018-20606 HIGH POC This Week

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-20602 HIGH POC This Week

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Lei Feng Tv Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy