PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.