Skip to main content
CVE-2020-29288 CRITICAL POC Act Now

An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-29287 CRITICAL POC Act Now

An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Rental Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-29285 CRITICAL POC Act Now

SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales In Php Pdo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-29284 CRITICAL POC Act Now

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Multi Restaurant Table Reservation System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.1%
CVE-2020-29283 CRITICAL POC Act Now

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Doctor Appointment Booking System Php And Mysql
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-29282 CRITICAL POC Act Now

SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bloodx
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-29280 CRITICAL POC Act Now

The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Victor Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-29279 CRITICAL POC THREAT Act Now

PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP 74Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
52.9%
CVE-2020-28273 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service Set In
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-28272 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service Keyget
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-6018 CRITICAL POC PATCH Act Now

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Game Networking Sockets
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-29389 CRITICAL Act Now

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Crux Linux Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7199 CRITICAL Act Now

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Edgeline Infrastructure Manager
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2020-14260 CRITICAL Act Now

HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Domino
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy