CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2019/07/01 6:15 p.m.•2 views

CVE-2019-12826

8.8CVSS7.5AI score0.0111EPSS

Prion•added 2019/07/01 6:15 p.m.•12 views

Cross site request forgery (csrf)

6.8CVSS8.9AI score0.0111EPSS

Exploits1References4Affected Software1

CVE•added 2019/07/01 5:56 p.m.•93 views

CVE-2019-12826

CVE-2019-12826 affects the WordPress Widget Logic plugin (widget_logic.php) prior to version 5.10.2. The vulnerability is a CSRF that allows remote attackers to inject and execute PHP code by crafting a malicious POST request, leveraging snippets stored in widgets that are eval’d to determine vis...

8.8CVSS8.9AI score0.0111EPSS

Exploits1References4Affected Software1

NVD•added 2019/06/07 5:29 p.m.•17 views

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

7.2CVSS7.7AI score0.0221EPSS

Cvelist•added 2019/06/07 4:44 p.m.•22 views

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

7.8AI score0.0221EPSS

UbuntuCve•added 2019/06/05 5:29 p.m.•43 views

CVE-2019-9642

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

9.8CVSS7.4AI score0.02433EPSS

Exploits0References3

Prion•added 2019/06/05 5:29 p.m.•23 views

Server side request forgery (ssrf)

7.5CVSS9.4AI score0.02433EPSS

Cvelist•added 2019/06/05 4:15 p.m.•25 views

CVE-2019-9642

9.5AI score0.02433EPSS

UbuntuCve•added 2019/05/24 6:29 p.m.•26 views

CVE-2016-10752

serendipitymoveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...

9.8CVSS7.5AI score0.02346EPSS

Exploits0References3

Prion•added 2019/05/24 6:29 p.m.•18 views

Directory traversal

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajaxupload...

6.5CVSS8AI score0.02866EPSS

OSV•added 2019/05/24 6:29 p.m.•3 views

CVE-2016-10757

In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php...

8.8CVSS6AI score

NVD•added 2019/05/24 6:29 p.m.•21 views

CVE-2016-10751

7.2CVSS7.4AI score0.02866EPSS

NVD•added 2019/05/24 6:29 p.m.•21 views

CVE-2016-10752

9.8CVSS9.8AI score0.02346EPSS

OSV•added 2019/05/24 6:29 p.m.•19 views

CVE-2016-10752

9.8CVSS7.8AI score

OSV•added 2019/05/24 6:29 p.m.•15 views

CVE-2016-10751

7.2CVSS7.7AI score

Prion•added 2019/05/24 6:29 p.m.•11 views

Design/Logic Flaw

7.5CVSS8.1AI score0.02346EPSS

CVE•added 2019/05/24 5:40 p.m.•56 views

CVE-2016-10751

osClass 3.6.1 contains a Directory Traversal in oc-admin/plugins.php via the plugin parameter, enabling remote PHP code execution by uploading a PHP-containing image through index.php?page=ajax&action=ajax_upload. Exploitation details are described in multiple sources; the root cause is improper ...

7.2CVSS7.3AI score0.02866EPSS

Cvelist•added 2019/05/24 5:40 p.m.•20 views

CVE-2016-10751

7.4AI score0.02866EPSS