Skip to main content

Verydows

6 CVEs product

Monthly

CVE-2023-51949 HIGH POC This Week

Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Verydows
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-28059 HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-28058 HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2019-8363 MEDIUM POC This Month

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Verydows
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7753 MEDIUM POC This Month

Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Verydows
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7737 HIGH POC This Week

A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Verydows
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
EPSS 0% CVSS 8.8
HIGH POC This Week

Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Verydows
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Verydows
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Verydows
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Verydows
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy