Lucene search
K

CVE-2017-16666

🗓️ 05 Jan 2018 16:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 63 Views🌐 WEB

Xplico 1.2.1 allows remote users to execute arbitrary commands

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Xplico Remote Code Execution Exploit
4 Jan 201800:00
zdt
ATTACKERKB
CVE-2017-16666
5 Jan 201816:29
attackerkb
Circl
CVE-2017-16666
4 Jan 201800:00
circl
CNVD
Xplico Arbitrary Command Execution Vulnerability
8 Jan 201800:00
cnvd
Cvelist
CVE-2017-16666
5 Jan 201816:00
cvelist
Exploit DB
Xplico - Remote Code Execution (Metasploit)
4 Jan 201800:00
exploitdb
exploitpack
Xplico - Remote Code Execution (Metasploit)
4 Jan 201800:00
exploitpack
Metasploit
Xplico Remote Code Execution
14 Nov 201706:30
metasploit
NVD
CVE-2017-16666
5 Jan 201816:29
nvd
OSV
CVE-2017-16666
5 Jan 201816:29
osv
Rows per page
NVD
Node
xplicoxplicoRange<1.2.1
ParameterPositionPathDescriptionCWE
data[User][email]request bodyusers/registerHidden user registration endpoint allows creation of new users.CWE-78
data[User][username]request bodyusers/registerHidden user registration endpoint allows creation of new users.CWE-78
data[User][password]request bodyusers/registerHidden user registration endpoint allows creation of new users.CWE-78
data[_Token][key]request bodyusers/registerHidden user registration endpoint allows creation of new users.CWE-78
data[_Token][fields]request bodyusers/registerHidden user registration endpoint allows creation of new users.CWE-78
data[_Token][unlocked]request bodyusers/registerHidden user registration endpoint allows creation of new users.CWE-78
em_keypathusers/registerConfirm/<em_key>Activation via email link uses em_key; token can be predicted due to weak randomization.CWE-78
emailpathusers/registerConfirm/<em_key>Activation via email link uses em_key; token can be predicted due to weak randomization.CWE-78
passwordpathusers/registerConfirm/<em_key>Activation via email link uses em_key; token can be predicted due to weak randomization.CWE-78
data[Sols][File]binarysols/pcapAuthenticated command injection via PCAP file upload where filename is used in a shell command.CWE-78
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 01:09Current
8.8High risk
Vulners AI Score8.8
CVSS 38.8
CVSS 29
EPSS0.80098
63