Skip to main content

Apache2Triad

3 CVEs product

Monthly

CVE-2017-12971 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Apache2Triad
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.9%
CVE-2017-12970 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Apache2Triad
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12965 CRITICAL POC THREAT Emergency

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Session Fixation Information Disclosure Apache2Triad
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
22.2%
Threat
4.1
EPSS 3% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Apache2Triad
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Apache2Triad
NVD Exploit-DB
EPSS 22% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Session Fixation Information Disclosure Apache2Triad
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy