Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
ApacheVirtual Computing Lab

3 matches found

CVE
CVEadded 2019/07/29 6:32 p.m.51 views

CVE-2018-11772

The CVE-2018-11772 entry concerns Apache VCL versions 2.1–2.5 with an SQL injection caused by improper validation of cookie input used to determine the previously selected node in the privilege tree. The cookie data is incorporated into an SQL statement, enabling injection. Access to this VCL are...

7.2CVSS7.4AI score0.0046EPSS
CVE
CVEadded 2019/07/29 6:11 p.m.43 views

CVE-2018-11773

Apache VCL exposes a vulnerability in versions 2.1–2.5 where submitted block allocation form input is not properly validated and is passed to PHP’s strtotime, enabling exploitation of that function’s behavior. The advisory notes that versions earlier than 2.5.1 should be upgraded or patched; upgr...

9.8CVSS9.2AI score0.00877EPSS
CVE
CVEadded 2019/07/29 6:17 p.m.42 views

CVE-2018-11774

CVE-2018-11774 affects Apache VCL versions 2.1–2.5. The issue is improper validation of form input used in SQL statements when adding/removing VMs to hosts, enabling an SQL injection described as requiring admin-level access. A fix/upgrade is advised for versions earlier than 2.5.1. The available...

7.2CVSS7.3AI score0.0046EPSS