Lucene search

9 matches found

RedhatCVE
added 2026/01/09 12:1 p.m., 8 views

CVE-2018-19512

In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory...

CVSS: 9, AI score: 7.6, EPSS: 0.07362
Exploits: 2, References: 1

NVD
added 2019/03/21 4:0 p.m., 19 views

CVE-2018-19509

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...

CVSS: 6.1, AI score: 6.2, EPSS: 0.01058
Exploits: 2, References: 2

NVD
added 2019/03/21 4:0 p.m., 21 views

CVE-2018-19511

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00727
Exploits: 2, References: 2

Prion
added 2019/03/21 4:0 p.m., 17 views

Cross site request forgery (csrf)

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00727
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2019/03/21 4:0 p.m., 14 views

Sql injection

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors...

CVSS: 5, AI score: 7.9, EPSS: 0.02124
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2019/03/21 4:0 p.m., 19 views

Cross site scripting

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...

CVSS: 4.3, AI score: 6.2, EPSS: 0.01058
Exploits: 2, References: 2, Affected Software: 1

Cvelist
added 2019/03/17 9:54 p.m., 20 views

CVE-2018-19511

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password...

AI score: 6.5, EPSS: 0.00727
Exploits: 2, References: 2

CVE
added 2019/03/17 9:54 p.m., 40 views

CVE-2018-19511

CVE-2018-19511 concerns Webgalamb 7.0 where wg7.php lacks CSRF protections, demonstrated by using wg7.php?options=1 to change the administrator password. The Red Hat and NVD/NVD-linked records corroborate a CSRF flaw affecting Webgalamb, with no explicit exploit details or patch/version fixes pro...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00727
Exploits: 2, References: 2, Affected Software: 1

Cvelist
added 2019/03/17 9:49 p.m., 35 views

CVE-2018-19509

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...

AI score: 6.2, EPSS: 0.01058
Exploits: 2, References: 2