3 matches found
CVE-2021-25080
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry...
CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager SRM before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the 1 MKD or 2 RMD command...
CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration...