An issue was discovered in open-falcon dashboard version 0.2.0 that allows remote attackers to gain, modify, and delete sensitive information via a crafted POST request to register...
9.8 CVSS
9.1 AI Score
0.002 EPSS
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in...
9.8 CVSS
9.8 AI Score
0.002 EPSS
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to...
8.4 AI Score
0.011 EPSS
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to...
7.8 AI Score
0.002 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other...
6.4 AI Score
0.007 EPSS
Falcon web server allows remote attackers to determine the absolute path of the web root via long file...
7.6 AI Score
0.005 EPSS