17 matches found
EUVD-2022-32543
Malicious code in bioql PyPI...
EUVD-2022-32544
Malicious code in bioql PyPI...
CVE-2025-29394
An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type...
CVE-2025-29394
An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type...
CVE-2025-29394
CVE-2025-29394 affects verydows v2.0. The issue is an insecure permissions flaw in file uploads that permits a remote attacker to execute arbitrary code. Root cause: improper handling of uploaded files (permissions) enabling code execution. Evidence across sources confirms impact as remote code e...
CVE-2023-51949
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/rolecontroller...
Cross-site request forgery (CSRF)
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/rolecontroller...
Verydows Cross-Site Request Forgery Vulnerability
Verydows is a lightweight open source e-commerce management system developed in PHP. Verydows v2.0 has a cross-site request forgery vulnerability; the vulnerability stems from the component /protected/controller/backend/rolecontroller, which contains cross-site request forgery...
CVE-2023-51949
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/rolecontroller...
CVE-2022-28059
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\databasecontroller.php...
CVE-2022-28058
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\filecontroller.php...
Arbitrary file deletion
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\databasecontroller.php...
CVE-2022-28059
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\databasecontroller.php...
CVE-2022-28058
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\filecontroller.php...
Cross-site request forgery (CSRF)
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...
CVE-2019-7737
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...
CVE-2019-7737
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...