Skip to main content
CVE-2020-35665 CRITICAL POC THREAT Emergency

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Terramaster Operating System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
78.1%
CVE-2020-28073 CRITICAL POC Act Now

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Library Management System
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-28070 CRITICAL POC THREAT Act Now

SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PHP Alumni Management System
NVD
CVSS 3.1
9.8
EPSS
22.9%
CVE-2020-13968 CRITICAL POC Act Now

CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Business Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-29552 CRITICAL POC Act Now

An issue was discovered in URVE Build 24.03.2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Urve
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-29551 CRITICAL POC Act Now

An issue was discovered in URVE Build 24.03.2020. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Urve
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2020-28074 CRITICAL Act Now

SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Health Care System
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11720 CRITICAL Act Now

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bilanc
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-25196 CRITICAL Act Now

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nport Iaw5000A I O Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25190 CRITICAL Act Now

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nport Iaw5000A I O Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy