155 matches found

Hacker One
added 2021/02/05 1:0 p.m., 9 views

ExpressionEngine: Arbitrary forum topic close with GET CSRF.

The vulnerability allowed attackers to open or close forum threads by exploiting the lack of CSRF protection...

7.1 AI score
Exploits: 0

Hacker One
added 2021/02/05 12:50 p.m., 8 views

ExpressionEngine: Arbitrary comment content change with GET CSRF.

The vulnerability in ExpressionEngine 6.0.1 allowed unauthorized modification of comments through improperly protected requests...

7 AI score
Exploits: 0

Hacker One
added 2021/02/05 11:2 a.m., 10 views

ExpressionEngine: Stored XSS filter bypass on discussion forum. "URL" tag.

A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...

6.3 AI score
Exploits: 0

Hacker One
added 2021/02/05 10:52 a.m., 10 views

ExpressionEngine: Stored XSS filter bypass on discussion forum.

A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...

6.3 AI score
Exploits: 0

Hacker One
added 2021/02/05 10:14 a.m., 14 views

ExpressionEngine: Non-authenticated path traversal leading to arbitrary file read

Non-authenticated path traversal leading to arbitrary file read. Insufficient user input filtering resulted in arbitrary file read by a non-authenticated attacker, leading to sensitive information disclosure...

6.5 CVSS, 6.1 AI score, 0.0023 EPSS
Exploits: 0

Hacker One
added 2021/02/02 11:25 p.m., 13 views

ExpressionEngine: PHP Code Injection through "Translate::save()" method

A vulnerability was identified and fixed that could have allowed attackers to inject and execute arbitrary PHP code through improperly sanitized user input...

7.8 AI score
Exploits: 0

Hacker One
added 2020/08/27 4:2 a.m., 34 views

ExpressionEngine: SQL injection at /admin.php?/cp/members/create

SQL injection vulnerability in the control panel. This is limited to users who have access to the control panel, and the ability to create members...

6.5 CVSS, 4 AI score, 0.00323 EPSS
Exploits: 0

CNVD
added 2020/06/28 12:0 a.m., 5 views

PACKET TIDE ExpressionEngine Code Issue Vulnerability

PACKET TIDE ExpressionEngine is an open source content management system (CMS) from the U.S. company PACKET TIDE. A security vulnerability exists in PACKET TIDE ExpressionEngine versions prior to 5.3.2. A remote attacker can exploit the vulnerability to execute arbitrary code...

8.8 CVSS, 8.9 AI score, 0.009 EPSS
Exploits: 1, References: 1

NVD
added 2020/06/24 3:15 p.m., 12 views

CVE-2020-13443

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A member with low privileges is able to upload this. It is possible to bypass the MIME type check and file-extension check...

8.8 CVSS, 0.009 EPSS
Exploits: 1, References: 2

OSV
added 2020/06/24 3:15 p.m., 12 views

CVE-2020-13443

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A member with low privileges is able to upload this. It is possible to bypass the MIME type check and file-extension check...

8.8 CVSS, 8 AI score
Exploits: 0, References: 2

Prion
added 2020/06/24 3:15 p.m., 13 views

Design/Logic Flaw

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A member with low privileges is able to upload this. It is possible to bypass the MIME type check and file-extension check...

6.5 CVSS, 9.1 AI score, 0.009 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2020/06/24 2:34 p.m., 13 views

CVE-2020-13443

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A member with low privileges is able to upload this. It is possible to bypass the MIME type check and file-extension check...

9.1 AI score, 0.009 EPSS
Exploits: 1, References: 2

CVE
added 2020/06/24 2:34 p.m., 43 views

CVE-2020-13443

ExpressionEngine before 5.3.2 is affected: remote attackers can upload and execute arbitrary code by bypassing MIME type and file-extension checks during Compose Msg, Add attachment, and Save As Draft actions. A low-privilege member can exploit this, with direct access to uploaded PHP files. The ...

8.8 CVSS, 9 AI score, 0.009 EPSS
Exploits: 1, References: 2, Affected Software: 1

Hacker One
added 2020/04/06 12:57 p.m., 16 views

ExpressionEngine: Low privileges (auth) Remote Command Execution - PHP file upload bypass.

The ExpressionEngine software was vulnerable to a remote command execution flaw due to a bypass in the file upload extension check, which allowed a low-privileged user to execute arbitrary commands...

8.8 CVSS, 9 AI score, 0.009 EPSS
Exploits: 1

Hacker One
added 2019/06/07 8:3 a.m., 24 views

ExpressionEngine: Open Redirect in comment section

@winst0n13 discovered that the URL you are redirected to after successfully submitting a comment could be modified in certain circumstances. @winst0n13 gave a detailed report with step-by-step instructions for replicating, enabling a speedy resolution to the issue...

1.9 AI score
Exploits: 0

Packet Storm
added 2018/12/31 12:0 a.m., 124 views

TotalComfortSolutions Company 1.0 SQL Injection

Exploit Title : TotalComfortSolutions Company 1.0 SQL Injection
Author Discovered By : KingSkrupellos
Date : 30/12/2018
Vendor Homepages : totalcomfortsolutions.com
Tested On : Windows and Linux
Exploit Risk : Medium
Category : WebApps
Version Information : jQuery 1.4.11 - CodeIgniter -...

0.4 AI score
Exploits: 0

OSV
added 2018/10/01 11:29 p.m., 1 view

CVE-2018-17874

ExpressionEngine before 4.3.5 has reflected XSS...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 2018/10/01 11:29 p.m., 9 views

CVE-2018-17874

ExpressionEngine before 4.3.5 has reflected XSS...

6.1 CVSS, 6.4 AI score, 0.00301 EPSS
Exploits: 0, References: 1

Prion
added 2018/10/01 11:29 p.m., 9 views

Cross site scripting

ExpressionEngine before 4.3.5 has reflected XSS...

4.3 CVSS, 6.3 AI score, 0.00301 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/10/01 11:0 p.m., 43 views

CVE-2018-17874

CVE-2018-17874 concerns ExpressionEngine prior to version 4.3.5, which has a reflected XSS vulnerability. The connected records confirm the affected product and the vulnerability type; a remediation path is evidenced by the changelog entry for version 4.3.5. No explicit exploitation details, affe...

6.1 CVSS, 6.3 AI score, 0.00301 EPSS
Exploits: 0, References: 1, Affected Software: 1