Skip to main content

Inxedu

5 CVEs product

Monthly

CVE-2024-35570 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Inxedu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-35080 CRITICAL Act Now

An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Inxedu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-35079 CRITICAL Act Now

An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Inxedu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-7684 CRITICAL POC Act Now

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inxedu
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-3576 CRITICAL Act Now

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure Inxedu
NVD
CVSS 3.0
9.8
EPSS
1.5%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Inxedu
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Inxedu
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Inxedu
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inxedu
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy