CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Prion•added 2018/07/16 2:29 p.m.•12 views

Remote code execution

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related t...

7.5CVSS9.9AI score0.36699EPSS

Exploits5References3Affected Software1

OSV•added 2018/07/16 2:29 p.m.•1 views

CVE-2018-13980

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal...

5.5CVSS5.8AI score

Exploits0References3

NVD•added 2018/07/16 2:29 p.m.•9 views

CVE-2018-13981

9.8CVSS10AI score0.36699EPSS

Exploits5References3

NVD•added 2018/07/16 2:29 p.m.•8 views

CVE-2018-13980

5.5CVSS5.5AI score0.14656EPSS

Exploits5References3

CVE•added 2018/07/16 2:0 p.m.•105 views

CVE-2018-13980

CVE-2018-13980 affects Zeta Producer Desktop CMS <14.2.1. The vulnerability is Local File Inclusion via the filebrowser plugin, exploiting assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. Resulting impact is unauthenticated local file disclosure on websites built with ...

5.5CVSS5.7AI score0.14656EPSS

Exploits5References3Affected Software1

CVE•added 2018/07/16 2:0 p.m.•49 views

CVE-2018-13981

Zeta Producer Desktop CMS

9.8CVSS8.1AI score0.36699EPSS

Exploits5References3Affected Software1