Skip to main content
CVE-2020-15540 CRITICAL POC Act Now

We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opendata Cms
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-15539 CRITICAL POC Act Now

SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Municipality Portal Cms
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-15543 CRITICAL Act Now

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U Ftp Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15542 CRITICAL Act Now

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U Ftp Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15541 CRITICAL Act Now

SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U Ftp Server
NVD
CVSS 3.1
9.8
EPSS
7.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy