Skip to main content

Hisiphp

4 CVEs product

Monthly

CVE-2024-33445 CRITICAL POC Act Now

An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Hisiphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-1010193 MEDIUM POC This Month

hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hisiphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17827 HIGH POC This Week

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Hisiphp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-17826 HIGH POC This Week

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hisiphp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hisiphp
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hisiphp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy