|
210091
|
6.5 |
MEDIUM
Network
|
weberp
|
weberp
|
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-22474
|
2024-11-21 14:13 |
2021-02-23 |
|
210092
|
7.2 |
HIGH
Network
|
nagios
|
nagios_xi
|
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE …
|
NVD-CWE-noinfo
|
CVE-2020-22427
|
2024-11-21 14:13 |
2021-02-16 |
|
210093
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
|
CWE-89
SQL Injection
|
CVE-2020-22425
|
2024-11-21 14:13 |
2021-02-16 |
|
210094
|
6.1 |
MEDIUM
Network
|
b2evolution
|
b2evolution_cms
|
Reflected cross-site scripting (XSS) vulnerability in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 para…
|
CWE-79
Cross-site Scripting
|
CVE-2020-22839
|
2024-11-21 14:13 |
2021-02-10 |
|
210095
|
4.8 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22841
|
2024-11-21 14:13 |
2021-02-09 |
|
210096
|
6.1 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_pas…
|
CWE-601
Open Redirect
|
CVE-2020-22840
|
2024-11-21 14:13 |
2021-02-09 |
|
210097
|
9.8 |
CRITICAL
Network
|
phplist
|
phplist
|
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
|
NVD-CWE-noinfo
|
CVE-2020-23361
|
2024-11-21 14:13 |
2021-01-28 |
|
210098
|
9.8 |
CRITICAL
Network
|
oscommerce
|
oscommerce
|
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/passw…
|
CWE-697
Incorrect Comparison
|
CVE-2020-23360
|
2024-11-21 14:13 |
2021-01-28 |
|
210099
|
9.8 |
CRITICAL
Network
|
webidsupport
|
webid
|
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can…
|
CWE-697
Incorrect Comparison
|
CVE-2020-23359
|
2024-11-21 14:13 |
2021-01-28 |
|
210100
|
7.5 |
HIGH
Network
|
nibbleblog
|
nibbleblog
|
dmin/kernel/api/login.class.php in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followe…
|
NVD-CWE-noinfo
|
CVE-2020-23356
|
2024-11-21 14:13 |
2021-01-28 |
|