Lucene search
K

38 matches found

ptsecurity
ptsecurity
added 2024/06/04 12:0 a.m.4 views

PT-2024-27066 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF that was discovered in idccms. This CSRF is accessible via the "admin/vpsCompany deal.php?mudi=del" endpoint. Recommendations: For idccms version 1.35,...

8.8CVSS6.9AI score0.0023EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/06/04 12:0 a.m.3 views

PT-2024-27067 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms. The issue is related to the /admin/vpsCompany deal.php endpoint, specifically with the parameters mudi and nohrefStr. Recommendations: For idcc...

8.8CVSS6.8AI score0.00296EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/05/22 12:0 a.m.15 views

PT-2024-26540 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the component /admin/infoWeb deal.php. The mudi, dataType, and dataTypeCN parameters are involved. This allows for unauthorized actions to be...

5.4CVSS6.3AI score0.00191EPSS
Exploits1References7
cve
cve
added 2024/05/16 2:29 p.m.86 views

CVE-2024-35039

CVE-2024-35039 affects idccms version 1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered via the endpoint admin/tplSys_deal.php?mudi=area. The available sources consistently describe a CSRF risk without detailing an exploitation method beyond the vulnerable endpo...

3.8CVSS7.4AI score0.00192EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2024/05/16 12:0 a.m.5 views

PT-2024-26272 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms via the component "admin/banner deal.php?mudi=add". This allows for potential unauthorized actions. Recommendations: For idccms version 1.35, as...

6.5CVSS7AI score0.00381EPSS
Exploits3References6
ptsecurity
ptsecurity
added 2024/05/15 12:0 a.m.6 views

PT-2024-26320 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/homePro deal.php" with parameters mudi, dataType, and dataTypeCN. This issue allows for unauthorized requests. Recommendations: F...

8.8CVSS6.7AI score0.00329EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/05/15 12:0 a.m.4 views

PT-2024-26321 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/homePro deal.php" with parameters mudi and nohrefStr. This allows for unauthorized requests to be made. Recommendations: For idccms...

6.5CVSS7.1AI score0.0019EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/05/14 12:0 a.m.5 views

PT-2024-26290 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/banner deal.php component. The mudi, dataType, dataTypeCN, theme, and dataID parameters are involved. This allows for unauthorized action...

8.8CVSS6.8AI score0.00301EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/05/14 12:0 a.m.5 views

PT-2024-26291 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/infoType deal.php" with parameters mudi and nohrefStr. This allows for unauthorized requests. Recommendations: For idccms version...

5.4CVSS6.7AI score0.00192EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/05/06 12:0 a.m.3 views

PT-2024-25501 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the /admin/readDeal.php component, specifically via the mudi parameter set to clearWebCache. This allows for unauthorized actions to be performed on...

8.1CVSS6.7AI score0.00299EPSS
Exploits1References5
attackerkb
attackerkb
added 2023/06/21 9:15 p.m.9 views

CVE-2023-24261

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

7.2CVSS6.3AI score0.18778EPSS
Exploits1References2
osv
osv
added 2023/06/21 9:15 p.m.4 views

CVE-2023-24261

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

7.2CVSS6.1AI score0.18778EPSS
Exploits1References1
nvd
nvd
added 2023/06/21 9:15 p.m.26 views

CVE-2023-24261

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

7.2CVSS7.1AI score0.18778EPSS
Exploits1References1
prion
prion
added 2023/06/21 9:15 p.m.16 views

Cross site request forgery (csrf)

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

5.8CVSS7.1AI score0.18778EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2023/06/21 12:0 a.m.26 views

CVE-2023-24261

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

7.3AI score0.18778EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2023/06/21 12:0 a.m.6 views

PT-2023-19503 · Gl.Inet · Gl-E750 Mudi

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-E750 Mudi versions prior to v3.216 Description: A vulnerability in the software allows authenticated attackers to execute arbitrary code via a crafted POST request. Recommendations: For versions prior to v3.216, update to firmware...

7.2CVSS8AI score0.18778EPSS
Exploits1References4
cve
cve
added 2023/06/21 12:0 a.m.49 views

CVE-2023-24261

GL.iNET GL-E750 Mudi devices are affected by CVE-2023-24261. The vulnerability allows an authenticated attacker to execute arbitrary code via a crafted POST request, affecting firmware prior to v3.216. The cited details indicate network-exposed, authenticated code execution with high impact on co...

7.2CVSS7.1AI score0.18778EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2023/04/02 12:0 a.m.8 views

PT-2023-2274 · Otcms · Otcms

Name of the Vulnerable Software and Affected Versions: OTCMS version 6.0.1 Description: A critical vulnerability was found in OTCMS, related to the absence of restrictions on file uploads. This issue affects an unknown functionality of the file sysCheckFile.php, where the mudi parameter is set to...

9.8CVSS8AI score0.00873EPSS
Exploits1References8
Rows per page
Query Builder