Skip to main content
CVE-2020-24715 CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Scalyr Agent
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-24714 CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Scalyr Agent
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-24203 CRITICAL POC Act Now

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-24202 CRITICAL POC Act Now

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE House Rental And Property Listing Project
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-23979 CRITICAL POC Act Now

13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP 13Enforme Cms
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-23978 CRITICAL POC Act Now

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Cms
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-23976 CRITICAL POC Act Now

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Cms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-23973 CRITICAL POC Act Now

KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Kandnconcepts Club Cms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-23980 CRITICAL POC Act Now

DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Conference Management
NVD
CVSS 3.1
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy