Skip to main content
CVE-2020-15160 CRITICAL POC PATCH THREAT Act Now

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Prestashop
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.8%
CVE-2020-15851 CRITICAL POC Act Now

Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Replication Transporter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12843 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12842 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12839 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12838 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-13505 CRITICAL POC Act Now

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13504 CRITICAL POC Act Now

Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13501 CRITICAL POC Act Now

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13500 CRITICAL POC Act Now

SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13499 CRITICAL POC Act Now

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-16147 CRITICAL POC Act Now

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Accesslog Firmware Educ Box Firmware Git Box Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-3426 CRITICAL Act Now

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Apple Cisco Information Disclosure +1
NVD
CVSS 3.1
9.1
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy