|
208721
|
9.8 |
CRITICAL
Network
|
mobile_shop_system_project
|
mobile_shop_system
|
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
|
CWE-89
SQL Injection
|
CVE-2020-25905
|
2024-11-21 14:18 |
2022-01-29 |
|
|
|
|
208722
|
9.1 |
CRITICAL
Network
|
getsymphony
|
symphony
|
An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DoS).
|
CWE-611
XXE
|
CVE-2020-25912
|
2024-11-21 14:18 |
2021-11-1 |
|
|
|
|
208723
|
9.1 |
CRITICAL
Network
|
modx
|
modx_revolution
|
An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DoS).
|
CWE-611
XXE
|
CVE-2020-25911
|
2024-11-21 14:18 |
2021-11-1 |
|
|
|
|
208724
|
5.5 |
MEDIUM
Local
|
ranko
|
rkcms
|
A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vu…
|
CWE-22
Path Traversal
|
CVE-2020-25881
|
2024-11-21 14:18 |
2021-10-30 |
|
|
|
|
208725
|
6.5 |
MEDIUM
Network
|
baijiacms_project
|
baijiacms
|
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "i…
|
CWE-22
Path Traversal
|
CVE-2020-25873
|
2024-11-21 14:18 |
2021-10-30 |
|
|
|
|
208726
|
4.9 |
MEDIUM
Network
|
frogcms_project
|
frogcms
|
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
|
CWE-22
Path Traversal
|
CVE-2020-25872
|
2024-11-21 14:18 |
2021-10-30 |
|
|
|
|
208727
|
7.5 |
HIGH
Network
|
hcc-embedded
|
nichestack_ipv4
|
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bound…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-25767
|
2024-11-21 14:18 |
2021-08-19 |
|
|
|
|
208728
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25566
|
2024-11-21 14:18 |
2021-08-12 |
|
|
|
|
208729
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25565
|
2024-11-21 14:18 |
2021-08-12 |
|
|
|
|
208730
|
8.8 |
HIGH
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to create a local administrator on any client with the credentials of a non-privileged user by directly accessing the RemoteMgmtTaskSave (Automation Tasks) feature.
|
CWE-863
Incorrect Authorization
|
CVE-2020-25564
|
2024-11-21 14:18 |
2021-08-12 |
|
|
|