Skip to main content
CVE-2019-11378 HIGH POC This Week

An issue was discovered in ProjectSend r1053. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Projectsend
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2019-11377 HIGH POC This Week

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wcms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-11374 HIGH POC This Week

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF 74Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.9%
CVE-2019-11376 HIGH POC This Week

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Soy Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy