Skip to main content
CVE-2020-6144 CRITICAL POC Act Now

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-6143 CRITICAL POC Act Now

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-6142 CRITICAL POC Act Now

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Opensis
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2020-6140 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-6139 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-6138 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-6137 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-5777 CRITICAL POC PATCH THREAT Act Now

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Apache Authentication Bypass Magmi
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2020-16204 CRITICAL POC Act Now

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-6141 CRITICAL POC Act Now

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opensis
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-7727 CRITICAL POC Act Now

All versions of package gedi are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Gedi
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7726 CRITICAL POC Act Now

All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Safe Object2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7725 CRITICAL POC Act Now

All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Worksmith
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7724 CRITICAL POC Act Now

All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Tiny Conf
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7723 CRITICAL POC Act Now

All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Promisehelpers
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7722 CRITICAL POC PATCH Act Now

All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Nodee Utils
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7721 CRITICAL POC Act Now

All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Node Oojs
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7719 CRITICAL POC PATCH Act Now

Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Locutus
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7718 CRITICAL POC Act Now

All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Gammautils
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7717 CRITICAL POC Act Now

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Dot Notes
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7716 CRITICAL POC Act Now

All versions of package deeps are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deeps
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7715 CRITICAL POC PATCH Act Now

All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deep Get Set
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-7714 CRITICAL POC Act Now

All versions of package confucious are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Confucious
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7713 CRITICAL POC Act Now

All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Arr Flatten Unflatten
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-16210 CRITICAL POC Act Now

The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
9.0
EPSS
3.2%
CVE-2020-16206 CRITICAL POC Act Now

The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Information Disclosure N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
9.0
EPSS
3.2%
CVE-2020-5776 HIGH POC THREAT This Week

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Magmi
NVD
CVSS 3.1
8.8
EPSS
14.7%
CVE-2020-6136 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-24034 HIGH POC This Week

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deserialization F St 5280 Router Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6135 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-23836 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Warehouse Inventory System
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-23829 HIGH POC This Week

interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-6134 HIGH POC This Week

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6133 HIGH POC This Week

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6132 HIGH POC This Week

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6128 HIGH POC This Week

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6127 HIGH POC This Week

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6126 HIGH POC This Week

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6125 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6124 HIGH POC This Week

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6131 HIGH POC This Week

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6130 HIGH POC This Week

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6129 HIGH POC This Week

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6123 HIGH POC This Week

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6122 HIGH POC This Week

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6121 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6120 HIGH POC This Week

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6119 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6118 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6117 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy