Skip to main content
CVE-2019-15524 CRITICAL Act Now

CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE Csz Cms
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-15521 CRITICAL PATCH Act Now

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Spoon Library Fork Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-15534 CRITICAL PATCH Act Now

Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Raml Module Builder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-4169 CRITICAL Act Now

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Open Power
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2019-15304 CRITICAL Act Now

Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Wifi Grilling Thermometer Firmware
NVD
CVSS 3.0
9.1
EPSS
3.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy