CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2020/03/12 2:15 p.m.•11 views

Cross site scripting

3.5CVSS4.9AI score0.00321EPSS

Exploits1References2Affected Software1

CVE•added 2020/03/12 1:4 p.m.•38 views

CVE-2020-10437

CVE-2020-10437 affects Chadha PHPKB Standard Multi-Language 9. The Red Hat records confirm that URIs handled in admin/header.php allow Reflected XSS by injecting a payload after a question mark, affecting admin/add-article.php, admin/trash-box.php, and admin/optimize-database.php via the same pat...

4.8CVSS4.9AI score0.00321EPSS

Exploits1References2Affected Software1

Snyk•added 2020/02/01 2:9 p.m.•1 views

Cross-site Request Forgery (CSRF)

Overview phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. Multiple areas within the application allows sensitive actions t...

9.6CVSS7.4AI score0.00431EPSS

Prion•added 2019/04/30 8:29 p.m.•8 views

Information disclosure

doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password...

5CVSS8.7AI score0.00974EPSS

CVE•added 2019/04/30 7:40 p.m.•37 views

CVE-2019-11616

CVE-2019-11616 affects doorGets 7.0. The vulnerability is a sensitive information disclosure in /setup/temp/admin.php and /setup/temp/database.php, allowing a remote unauthenticated attacker to obtain the administrator password. Affected software: doorGets 7.0 (web CMS). Root cause and vector det...

9.8CVSS8.7AI score0.00974EPSS

NVD•added 2019/02/18 12:29 a.m.•10 views

CVE-2019-8425

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...

6.1CVSS6AI score0.0033EPSS

OSV•added 2019/02/18 12:29 a.m.•13 views

CVE-2019-8425

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...

6.1CVSS6AI score

Exploits0References2

Debian CVE•added 2019/02/18 12:0 a.m.•17 views

CVE-2019-8425

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...

6.1CVSS2.4AI score0.0033EPSS

Exploits1

Cvelist•added 2019/02/18 12:0 a.m.•14 views

CVE-2019-8425

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...

5.7AI score0.0033EPSS

NVD•added 2019/01/10 2:29 p.m.•7 views

CVE-2019-5886

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation...

9.8CVSS9.5AI score0.00407EPSS

OSV•added 2018/11/22 5:29 a.m.•12 views

CVE-2018-19433

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $curlang value...

6.1CVSS5.8AI score

Exploits0References1

Prion•added 2018/11/22 5:29 a.m.•13 views

Design/Logic Flaw

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $curlang value...

4.3CVSS6AI score0.0024EPSS

Cvelist•added 2018/11/22 5:0 a.m.•11 views

CVE-2018-19433

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $curlang value...

6.1AI score0.0024EPSS

Prion•added 2018/11/11 5:29 p.m.•15 views

Code injection

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...

7.5CVSS9.7AI score0.0074EPSS

NVD•added 2018/11/11 5:29 p.m.•11 views

CVE-2018-19180

9.8CVSS9.8AI score0.0074EPSS

Cvelist•added 2018/11/11 5:0 p.m.•17 views

CVE-2018-19180

9.8AI score0.0074EPSS