Skip to main content
CVE-2022-28528 HIGH POC This Week

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bloofoxcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-28918 HIGH POC This Week

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Greencms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-28527 HIGH POC This Week

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dhcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-28523 HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-28059 HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-28058 HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-24882 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-28525 HIGH This Week

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Ed01 Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-23942 HIGH PATCH This Week

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Information Disclosure Doris
NVD
CVSS 3.1
7.5
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy