CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A cross-site scripting XSS vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

6.1CVSS5.6AI score0.00189EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:49 a.m.•4 views

CVE-2018-25002

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...

8.8CVSS7.1AI score0.00516EPSS

Exploits0References1

Github Security Blog•added 2022/05/24 4:51 p.m.•26 views

SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

6.1CVSS5.8AI score0.00189EPSS

Exploits1References4Affected Software1

OSV•added 2022/05/24 4:51 p.m.•15 views

GHSA-VWH5-78JC-HPJX SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

6.1CVSS5.9AI score0.00189EPSS

Exploits1References4

Packet Storm•added 2021/03/26 12:0 a.m.•715 views

Development Kamel KCFinder 1.7 Shell Upload

Exploit Title : Development Kamel - KCFinder Shell Upload Vulnerability + Date : 25/03/2021 + Exploit Author : RAYAN ALi + Home : http://kamel.tech/ + Discovered By : RAYAN + Vendor Homepage : http://kamel.tech/ + Exploit: + http://localhost/resources/admin/Editor/kcfinder/browse.php?type=files +...

0.3AI score

Exploits0

0day.today•added 2021/03/25 12:0 a.m.•99 views

Development Kamel KCFinder 1.7 Shell Upload Vulnerability

0.2AI score

Exploits0

Exploit DB•added 2021/03/19 12:0 a.m.•45 views

CouchCMS 2.2.1 - Server-Side Request Forgery

Exploit Title: CouchCMS 2.2.1 - SSRF via SVG file upload Date: 2021-01-25 Exploit Author: xxcdd Vendor Homepage: https://github.com/CouchCMS/CouchCMS Software Link: https://github.com/CouchCMS/CouchCMS Version: v2.2.1 Tested on: Windows 7 An issue was discovered in CouchCMS v2.2.1...

7.4AI score

Exploits0

NVD•added 2021/01/01 1:15 a.m.•10 views

CVE-2018-25002

8.8CVSS8.8AI score0.00516EPSS

Exploits0References3

OSV•added 2021/01/01 1:15 a.m.•2 views

CVE-2018-25002

8.8CVSS5.8AI score

Exploits0References3

Prion•added 2021/01/01 1:15 a.m.•17 views

Code injection

6.5CVSS8.7AI score0.00516EPSS

Exploits0References3Affected Software1

CNNVD•added 2021/01/01 12:0 a.m.•1 views

Drupal Input Validation Error Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. An input validation error vulnerability exists in Drupal KCFinder version 2018-06-01 and prior versions that stems from incorrectly handling validation...

8.8CVSS7.3AI score0.00516EPSS

Exploits0References3

Cvelist•added 2020/12/31 11:27 p.m.•13 views

CVE-2018-25002

8.8AI score0.00516EPSS

Exploits0References3

CVE•added 2020/12/31 11:27 p.m.•87 views

CVE-2018-25002

CVE-2018-25002 affects the Drupal KCFinder integration (uploader.php) through 2018-06-01, where input validation is mishandled. The issue originates from the KCFinder integration project and is associated with SA-CONTRIB-2018-024. NVD lists CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vect...

8.8CVSS8.6AI score0.00516EPSS

Exploits0References3Affected Software1

CNVD•added 2019/07/29 12:0 a.m.•2 views

SunHater KCFinder Cross-Site Scripting Vulnerability

SunHater KCFinder is an open source file manager. A cross-site scripting vulnerability exists in SunHater KCFinder. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

6.1CVSS6.4AI score0.00189EPSS

Exploits1References1

NVD•added 2019/07/28 1:15 a.m.•7 views

CVE-2019-14315

6.1CVSS6AI score0.00189EPSS

Exploits1References1

OSV•added 2019/07/28 1:15 a.m.•14 views

CVE-2019-14315

6.1CVSS5.7AI score

Exploits0References1

Rows per page