Skip to main content
CVE-2022-25411 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Maxsite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24571 CRITICAL POC Act Now

Car Driving School Management System v1.0 is affected by SQL injection in the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Car Driving School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-0412 CRITICAL POC THREAT Act Now

The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ti Woocommerce Wishlist
NVD WPScan
CVSS 3.1
9.8
EPSS
74.0%
CVE-2022-0768 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Alltube
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-24711 CRITICAL PATCH Act Now

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy