7212 matches found

Prion
added 2023/07/07 7:15 p.m. | 18 views

Code injection

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

CVSS 5.8 | AI score 7.3 | EPSS 0.00978
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2023/07/07 7:15 p.m. | 12 views

Code injection

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

CVSS 7.5 | AI score 9.4 | EPSS 0.00744
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2023/07/07 12:0 a.m. | 2 views

TravianZ Security Vulnerability

TravianZ is a free-to-play, in-browser, web-based strategy game from Travian, a German company. A security vulnerability exists in TravianZ versions 8.3.4 and 8.3.3, which stems from incorrect access control. An attacker could exploit the vulnerability to override the server configuration and inject...

CVSS 9.8 | AI score 8.5 | EPSS 0.00744
Exploits: 1 | References: 2
Vulnrichment
added 2023/07/07 12:0 a.m. | 7 views

CVE-2023-36992

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

AI score 7.6 | EPSS 0.00978
Exploits: 1 | References: 1
Cvelist
added 2023/07/07 12:0 a.m. | 16 views

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

AI score 9.7 | EPSS 0.00744
Exploits: 1 | References: 1
CVE
added 2023/07/07 12:0 a.m. | 34 views

CVE-2023-36994

CVE-2023-36994 concerns TravianZ versions 8.3.3 and 8.3.4, where an incorrect access control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. The description in multiple sources confirms the root cause as incorrect access control within the ...

CVSS 9.8 | AI score 9.4 | EPSS 0.00744
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2023/07/06 2:15 p.m. | 10 views

CVE-2020-21861

File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload...

CVSS 8.8 | AI score 9 | EPSS 0.00589
Exploits: 1 | References: 1
NVD
added 2023/06/20 3:15 p.m. | 10 views

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

CVSS 7.2 | AI score 7.3 | EPSS 0.00849
Exploits: 1 | References: 1
Prion
added 2023/06/20 3:15 p.m. | 13 views

Code injection

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

CVSS 5.8 | AI score 7.2 | EPSS 0.00849
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2023/06/20 12:0 a.m. | 17 views

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

AI score 7.2 | EPSS 0.00849
Exploits: 1 | References: 1
HackerOne
added 2023/06/19 9:3 p.m. | 16 views

Invision Power Services, Inc.: XSS with Visual Language Editor tags

A security vulnerability allowed an attacker to execute arbitrary code on a website by exploiting the Visual Language Editor tags. By injecting malicious code into a post or comment, the attacker could gain full control of the website and its data. The vulnerability has been patched...

AI score 8.2
Exploits: 0
NVD
added 2023/06/17 10:15 p.m. | 13 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

CVSS 8.8 | AI score 8.7 | EPSS 0.01008
Exploits: 2 | References: 3
NVD
added 2023/06/17 10:15 p.m. | 18 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

CVSS 8.8 | AI score 8.7 | EPSS 0.01009
Exploits: 2 | References: 3
Prion
added 2023/06/17 10:15 p.m. | 11 views

Unrestricted file upload

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

CVSS 6.5 | AI score 8.7 | EPSS 0.01008
Exploits: 2 | References: 3 | Affected Software: 1
Prion
added 2023/06/17 10:15 p.m. | 12 views

Input validation

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

CVSS 6.5 | AI score 8.6 | EPSS 0.01009
Exploits: 2 | References: 3 | Affected Software: 1
Vulnrichment
added 2023/06/17 12:0 a.m. | 10 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

AI score 7.3 | EPSS 0.00981
Exploits: 2 | References: 3
Cvelist
added 2023/06/17 12:0 a.m. | 19 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

AI score 9 | EPSS 0.01008
Exploits: 2 | References: 3
Cvelist
added 2023/06/17 12:0 a.m. | 22 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

AI score 8.8 | EPSS 0.01009
Exploits: 2 | References: 3
Vulnrichment
added 2023/06/17 12:0 a.m. | 9 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

AI score 7 | EPSS 0.01009
Exploits: 2 | References: 3
CVE
added 2023/06/17 12:0 a.m. | 44 views

CVE-2023-35808

SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3 contains an Unrestricted File Upload flaw in the Notes module due to missing input validation. Crafted requests can inject and execute PHP code with regular user privileges. Affected editions include non-Enterprise as well. Technical detail...

CVSS 8.8 | AI score 8.7 | EPSS 0.01008
Exploits: 2 | References: 3 | Affected Software: 1