Skip to main content

CWE-473

PHP External Variable Modification

3 CVEs Avg CVSS 7.5 MITRE
1
CRITICAL
1
HIGH
1
MEDIUM
0
LOW
2
POC
2
KEV

Monthly

CVE-2024-27489 HIGH This Week

An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36845 CRITICAL POC KEV THREAT Emergency

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Code Injection PHP Junos
NVD
CVSS 3.1
9.8
EPSS
93.5%
CVE-2023-36844 MEDIUM POC KEV THREAT This Month

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper PHP Information Disclosure Junos
NVD
CVSS 3.1
5.3
EPSS
89.6%
EPSS 0% CVSS 7.5
HIGH This Week

An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 94% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Code Injection PHP +1
NVD
EPSS 90% CVSS 5.3
MEDIUM POC KEV THREAT This Month

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper PHP Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy