| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-13350 | Cri | 0.65 | 9.8 | 0.17 | Nov 27, 2018 | SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | ||
| CVE-2018-13338 | Cri | 0.65 | 9.8 | 0.10 | Nov 27, 2018 | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | ||
| CVE-2018-13336 | Cri | 0.64 | 9.8 | 0.09 | Nov 27, 2018 | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | ||
| CVE-2018-17936 | Cri | 0.68 | 9.8 | 0.15 | Nov 27, 2018 | NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. | ||
| CVE-2018-17934 | Cri | 0.68 | 9.8 | 0.20 | Nov 27, 2018 | NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. | ||
| CVE-2018-13316 | Cri | 0.64 | 9.8 | 0.03 | Nov 27, 2018 | System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | ||
| CVE-2018-13314 | Cri | 0.64 | 9.8 | 0.03 | Nov 27, 2018 | System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | ||
| CVE-2018-13307 | Cri | 0.64 | 9.8 | 0.03 | Nov 27, 2018 | System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | ||
| CVE-2018-13306 | Cri | 0.64 | 9.8 | 0.03 | Nov 27, 2018 | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | ||
| CVE-2018-19595 | Cri | 0.64 | 9.8 | 0.04 | Nov 27, 2018 | PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect… | ||
| CVE-2018-13324 | Cri | 0.66 | 9.8 | 0.23 | Nov 26, 2018 | Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | ||
| CVE-2018-13315 | Cri | 0.64 | 9.8 | 0.02 | Nov 26, 2018 | Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. | ||
| CVE-2018-13311 | Cri | 0.64 | 9.8 | 0.03 | Nov 26, 2018 | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | ||
| CVE-2018-11066 | Cri | 0.64 | 9.8 | 0.10 | Nov 26, 2018 | Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote… | ||
| CVE-2018-19559 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2018 | CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | ||
| CVE-2018-19558 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2018 | An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | ||
| CVE-2018-19557 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2018 | An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | ||
| CVE-2018-19548 | Cri | 0.64 | 9.8 | 0.02 | Nov 26, 2018 | index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | ||
| CVE-2018-19531 | Cri | 0.64 | 9.8 | 0.05 | Nov 26, 2018 | HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. | ||
| CVE-2018-19530 | Cri | 0.64 | 9.8 | 0.05 | Nov 26, 2018 | HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. | ||
| CVE-2018-19528 | Cri | 0.64 | 9.8 | 0.03 | Nov 26, 2018 | TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. | ||
| CVE-2018-19486 | Cri | 0.00 | 9.8 | 0.04 | Nov 23, 2018 | Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | ||
| CVE-2018-19468 | Cri | 0.64 | 9.8 | 0.01 | Nov 23, 2018 | HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | ||
| CVE-2018-19417 | Cri | 0.65 | 10.0 | 0.06 | Nov 21, 2018 | An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH… | ||
| CVE-2018-19410 | Cri | 0.83 | 9.8 | 0.86 | KEV | Nov 21, 2018 | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm… | |
| CVE-2018-19409 | Cri | 0.64 | 9.8 | 0.08 | Nov 21, 2018 | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | ||
| CVE-2009-5153 | Cri | 0.64 | 9.8 | 0.06 | Nov 21, 2018 | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | ||
| CVE-2018-18864 | Cri | 0.63 | 9.6 | 0.03 | Nov 20, 2018 | Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | ||
| CVE-2018-18861 | Cri | 0.64 | 9.8 | 0.04 | Nov 20, 2018 | Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | ||
| CVE-2018-18563 | Cri | 0.62 | 9.6 | 0.01 | Nov 20, 2018 | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232… | ||
| CVE-2018-18439 | Cri | 0.64 | 9.8 | 0.02 | Nov 20, 2018 | DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. | ||
| CVE-2018-16223 | Cri | 0.64 | 9.8 | 0.02 | Nov 20, 2018 | Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. | ||
| CVE-2018-19367 | Cri | 0.64 | 9.8 | 0.01 | Nov 20, 2018 | Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. | ||
| CVE-2018-9209 | Cri | 0.64 | 9.8 | 0.02 | Nov 19, 2018 | Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 | ||
| CVE-2018-9207 | Cri | 0.64 | 9.8 | 0.03 | Nov 19, 2018 | Arbitrary file upload in jQuery Upload File <= 4.0.2 | ||
| CVE-2018-17190 | — | Cri | 0.64 | 9.8 | 0.09 | Nov 19, 2018 | In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the… | |
| CVE-2018-15761 | Cri | 0.57 | 9.9 | 0.02 | Nov 19, 2018 | Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that… | ||
| CVE-2018-15759 | Cri | 0.52 | 9.1 | 0.02 | Nov 19, 2018 | Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and… | ||
| CVE-2018-19355 | Cri | 0.64 | 9.8 | 0.04 | Nov 19, 2018 | modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations… | ||
| CVE-2018-19333 | Cri | 0.00 | 9.8 | 0.01 | Nov 17, 2018 | pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled. | ||
| CVE-2018-19328 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2018 | LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | ||
| CVE-2018-18806 | Cri | 0.64 | 9.8 | 0.02 | Nov 16, 2018 | School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | ||
| CVE-2018-18805 | Cri | 0.67 | 9.8 | 0.05 | Nov 16, 2018 | Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | ||
| CVE-2018-18804 | Cri | 0.67 | 9.8 | 0.03 | Nov 16, 2018 | Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | ||
| CVE-2018-18803 | Cri | 0.67 | 9.8 | 0.03 | Nov 16, 2018 | Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | ||
| CVE-2018-18801 | Cri | 0.67 | 9.8 | 0.03 | Nov 16, 2018 | The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | ||
| CVE-2018-18796 | Cri | 0.64 | 9.8 | 0.02 | Nov 16, 2018 | Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | ||
| CVE-2018-18795 | Cri | 0.67 | 9.8 | 0.03 | Nov 16, 2018 | School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | ||
| CVE-2018-18793 | Cri | 0.67 | 9.8 | 0.10 | Nov 16, 2018 | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | ||
| CVE-2018-18763 | Cri | 0.67 | 9.8 | 0.03 | Nov 16, 2018 | SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. |
- risk 0.65cvss 9.8epss 0.17
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
- risk 0.65cvss 9.8epss 0.10
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
- risk 0.64cvss 9.8epss 0.09
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
- risk 0.68cvss 9.8epss 0.15
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
- risk 0.68cvss 9.8epss 0.20
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
- risk 0.64cvss 9.8epss 0.03
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
- risk 0.64cvss 9.8epss 0.03
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
- risk 0.64cvss 9.8epss 0.03
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
- risk 0.64cvss 9.8epss 0.04
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect…
- risk 0.66cvss 9.8epss 0.23
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
- risk 0.64cvss 9.8epss 0.02
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.
- risk 0.64cvss 9.8epss 0.03
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
- risk 0.64cvss 9.8epss 0.10
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote…
- risk 0.64cvss 9.8epss 0.01
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images.
- risk 0.64cvss 9.8epss 0.02
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
- risk 0.64cvss 9.8epss 0.05
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.
- risk 0.64cvss 9.8epss 0.05
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.
- risk 0.64cvss 9.8epss 0.03
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
- risk 0.00cvss 9.8epss 0.04
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
- risk 0.64cvss 9.8epss 0.01
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
- risk 0.65cvss 10.0epss 0.06
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH…
- risk 0.83cvss 9.8epss 0.86
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm…
- risk 0.64cvss 9.8epss 0.08
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
- risk 0.64cvss 9.8epss 0.06
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.
- risk 0.63cvss 9.6epss 0.03
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
- risk 0.64cvss 9.8epss 0.04
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.
- risk 0.62cvss 9.6epss 0.01
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232…
- risk 0.64cvss 9.8epss 0.02
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
- risk 0.64cvss 9.8epss 0.02
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
- risk 0.64cvss 9.8epss 0.01
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
- risk 0.64cvss 9.8epss 0.02
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
- risk 0.64cvss 9.8epss 0.03
Arbitrary file upload in jQuery Upload File <= 4.0.2
- risk 0.64cvss 9.8epss 0.09
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the…
- risk 0.57cvss 9.9epss 0.02
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that…
- risk 0.52cvss 9.1epss 0.02
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and…
- risk 0.64cvss 9.8epss 0.04
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations…
- risk 0.00cvss 9.8epss 0.01
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
- risk 0.64cvss 9.8epss 0.02
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
- risk 0.64cvss 9.8epss 0.02
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.
- risk 0.67cvss 9.8epss 0.05
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
- risk 0.67cvss 9.8epss 0.03
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
- risk 0.67cvss 9.8epss 0.03
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
- risk 0.67cvss 9.8epss 0.03
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
- risk 0.64cvss 9.8epss 0.02
Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
- risk 0.67cvss 9.8epss 0.03
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
- risk 0.67cvss 9.8epss 0.10
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
- risk 0.67cvss 9.8epss 0.03
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.