Skip to main content
CVE-2019-7736 CRITICAL POC Act Now

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-7731 CRITICAL POC Act Now

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Mywebsql
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-7720 CRITICAL POC Act Now

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Taocms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-7719 CRITICAL POC Act Now

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Nibbleblog
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-7747 CRITICAL POC Act Now

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Information Disclosure Dbninja
NVD GitHub
CVSS 3.0
9.6
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy