Skip to main content
CVE-2020-28183 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Water Billing System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-28130 CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Library Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-26553 CRITICAL POC Act Now

An issue was discovered in Aviatrix Controller before R6.0.2483. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Controller
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-28133 CRITICAL POC Act Now

An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Simple Grocery Store Sales And Inventory System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-28140 CRITICAL POC Act Now

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-28138 CRITICAL POC Act Now

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-27555 CRITICAL POC Act Now

Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7774 CRITICAL POC PATCH THREAT Act Now

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Y18N Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
9.8
EPSS
69.1%
CVE-2020-27131 CRITICAL Act Now

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Microsoft Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
87.7%
CVE-2020-27125 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11851 CRITICAL Act Now

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Arcsight Logger
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-27130 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Security Manager
NVD
CVSS 3.1
9.1
EPSS
65.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy