Skip to main content
CVE-2020-5514 CRITICAL POC THREAT Act Now

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gila Cms
NVD
CVSS 3.1
9.1
EPSS
44.1%
CVE-2020-5846 HIGH POC This Week

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-5192 HIGH POC THREAT This Week

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
16.8%
CVE-2020-5515 HIGH POC THREAT This Week

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
26.5%
CVE-2020-5513 MEDIUM POC THREAT This Month

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD
CVSS 3.1
6.8
EPSS
25.8%
CVE-2020-5512 MEDIUM POC THREAT This Month

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD
CVSS 3.1
6.8
EPSS
18.9%
CVE-2020-5191 MEDIUM POC This Month

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hospital Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.5%
CVE-2020-5519 CRITICAL Act Now

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openlitespeed
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-5204 HIGH PATCH This Week

In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Stack Overflow Uftpd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-6857 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Tsxh5744M Firmware Tsxh5724M Firmware +25
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-6856 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Tsxh5744M Firmware Tsxh5724M Firmware +25
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2018-7794 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Tsxh5744M Firmware Tsxh5724M Firmware +25
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-5840 HIGH PATCH This Week

An issue was discovered in HashBrown CMS before 1.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Hashbrown Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy