Skip to main content

Dbninja

3 CVEs product

Monthly

CVE-2019-7748 MEDIUM POC This Month

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbninja
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7747 CRITICAL POC Act Now

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Information Disclosure Dbninja
NVD GitHub
CVSS 3.0
9.6
EPSS
1.4%
CVE-2019-7545 MEDIUM POC This Month

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dbninja
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbninja
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dbninja
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy