420 matches found
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
CVE-2012-6434
Multiple cross-site request forgery (CSRF) vulnerabilities in e107admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) downloadurl, (2) downloadurlextended, (3) downloadauthoremail, (4)...
CVE-2014-10396
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php...
CVE-2024-13618
The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
WordPress plugin aoa-downloadable Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
PT-2025-12757 · WordPress · Aoa-Downloadable
Name of the Vulnerable Software and Affected Versions: aoa-downloadable WordPress plugin version 0.1.0 Description: The issue concerns a lack of authorization and authentication for requests to the "download.php" endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2024-36800
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php...
CVE-2024-36801
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php...
Insecure Deserialization
nukeviet/nukeviet is vulnerable to insecure deserialization. The vulnerability is due to improper handling of serialized data, allowing attackers to execute arbitrary code via download.php...
CVE-2024-36528
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...
PT-2024-27163 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SEMCMS version 4.8 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the ID parameter in "Download.php". Recommendations: For SEMCMS version 4.8, update to a version that fixes this issue, as usin...
CVE-2024-34523
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-25730
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...
CVE-2024-28396
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...
PrestaShop Orders Export PRO Security Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop Orders Export PRO v.6.0.2 and prior versions, which originated...
CVE-2024-28396
CVE-2024-28396 affects MyPrestaModules ordersexport, version 6.0.2 and earlier. The vulnerability resides in the download.php component and allows a remote attacker to execute arbitrary code. Public sources consistently describe a need to update to a version that contains a fix; no exploit specif...