Avaterxxx
Products (5)
- 6 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16731 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 8, 2018 | CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. |
| CVE-2018-17836 | | Hig | 0.57 | 8.8 | 0.02 | | Oct 1, 2018 | An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. |
| CVE-2018-14978 | | Hig | 0.57 | 8.8 | 0.00 | | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. |
| CVE-2018-14966 | | Hig | 0.57 | 8.8 | 0.00 | | Aug 6, 2018 | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. |
| CVE-2018-17838 | | Hig | 0.49 | 7.5 | 0.02 | | Oct 1, 2018 | An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. |
| CVE-2018-14964 | | Med | 0.35 | 5.4 | 0.01 | | Aug 6, 2018 | An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. |
| CVE-2018-14962 | | Med | 0.35 | 5.4 | 0.01 | | Aug 6, 2018 | zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. |
| CVE-2018-14976 | | Med | 0.31 | 4.8 | 0.01 | | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. |
| CVE-2018-14974 | | Med | 0.31 | 4.8 | 0.01 | | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. |
| CVE-2018-14972 | | Med | 0.31 | 4.8 | 0.01 | | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. |
| CVE-2018-14971 | | Med | 0.31 | 4.8 | 0.01 | | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. |
| CVE-2018-14969 | | Med | 0.31 | 4.8 | 0.01 | | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. |