Skip to main content

Kohana

3 CVEs product

Monthly

CVE-2019-8979 CRITICAL POC Act Now

Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kohana
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2014-8684 PHP CRITICAL POC PATCH THREAT Act Now

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.

Code Injection PHP Codeigniter Kohana
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
44.8%
Threat
4.8
CVE-2016-10510 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kohana Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kohana
NVD GitHub
EPSS 45% 4.8 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.

Code Injection PHP Codeigniter +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kohana +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy