Lucene search
K

9 matches found

NVD
NVD
added 2020/09/14 8:15 p.m.29 views

CVE-2020-10228

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution...

8.8CVSS0.02883EPSS
Exploits2References3
Prion
Prion
added 2020/09/14 8:15 p.m.18 views

Unrestricted file upload

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution...

6.5CVSS8.8AI score0.02883EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/09/14 7:58 p.m.28 views

CVE-2020-10227

A cross-site scripting XSS vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email...

6.4AI score0.01149EPSS
Exploits2References3
CVE
CVE
added 2020/09/14 7:58 p.m.81 views

CVE-2020-10227

CVE-2020-10227 describes a cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE, where an attacker can inject arbitrary JavaScript via the From field of an email. Affected component: vtenext/vtecrm 19 CE, Messages module. Root cause: input handling in the email ...

6.1CVSS6.2AI score0.01149EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2020/09/14 7:56 p.m.78 views

CVE-2020-10228

CVE-2020-10228 affects vtecrm/vtenext 19 CE and is a file upload vulnerability that allows authenticated users to upload a .pht file, enabling remote code execution. Public discussions and exploits exist (e.g., Exploit-DB) describing the chain to achieve RCE. Multiple catalogs (NVD, Red Hat, CNVD...

8.8CVSS8.8AI score0.02883EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/09/14 7:56 p.m.33 views

CVE-2020-10228

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution...

8.9AI score0.02883EPSS
Exploits2References3
CVE
CVE
added 2020/09/14 7:55 p.m.69 views

CVE-2020-10229

CVE-2020-10229 describes a CSRF vulnerability in VTENEXT 19 CE (vtecrm) that enables an attacker to perform administrator-level actions on behalf of a logged-in admin, including uploading files, adding users, and deleting accounts. Public sources in the connected set include references to Red Hat...

8.8CVSS8.6AI score0.00822EPSS
Exploits3References3Affected Software1
Exploit DB
Exploit DB
added 2020/09/11 12:0 a.m.730 views

VTENEXT 19 CE - Remote Code Execution

!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...

8.8CVSS7.5AI score0.02883EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.576 views

VTENEXT 19 CE Remote Code Execution

!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...

0.02883EPSS
Exploits4
Rows per page
Query Builder