Indexhibit
Products
2- 8 CVEs
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16314 | Cri | 0.67 | 9.8 | 0.39 | Sep 14, 2019 | Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | ||
| CVE-2020-18121 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2021 | A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. | ||
| CVE-2019-8954 | Hig | 0.57 | 8.8 | 0.03 | Feb 20, 2019 | In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. | ||
| CVE-2020-18127 | Med | 0.42 | 6.5 | 0.01 | Aug 30, 2021 | An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. | ||
| CVE-2020-18123 | Med | 0.42 | 6.5 | 0.00 | Aug 30, 2021 | A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | ||
| CVE-2020-18125 | Med | 0.40 | 6.1 | 0.01 | Aug 30, 2021 | A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. | ||
| CVE-2020-18124 | Med | 0.37 | 5.7 | 0.00 | Aug 30, 2021 | A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | ||
| CVE-2020-18126 | Med | 0.35 | 5.4 | 0.01 | Aug 30, 2021 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. |
- risk 0.67cvss 9.8epss 0.39
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
- risk 0.57cvss 8.8epss 0.01
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.
- risk 0.57cvss 8.8epss 0.03
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.
- risk 0.42cvss 6.5epss 0.01
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.
- risk 0.40cvss 6.1epss 0.01
A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
- risk 0.37cvss 5.7epss 0.00
A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.
- risk 0.35cvss 5.4epss 0.01
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.