Skip to main content
CVE-2021-36624 CRITICAL POC Act Now

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Phone Shop Sales Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-35458 CRITICAL POC Act Now

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Pet Shop We App
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-34166 CRITICAL POC Act Now

A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Food Website
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-34165 CRITICAL POC Act Now

A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Basic Shopping Cart
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-25200 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37593 CRITICAL POC Act Now

PEEL Shopping version 9.4.0 allows remote SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Peel Shopping
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
5.2%
CVE-2021-37144 CRITICAL POC Act Now

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Csz Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-37595 CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37594 CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-30124 CRITICAL PATCH Act Now

The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Vscode Phpmd
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-29781 CRITICAL PATCH Act Now

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization IBM RCE Partner Engagement Manager
NVD
CVSS 3.1
9.8
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy