|
212281
|
6.5 |
MEDIUM
Network
|
pluck-cms
|
pluck
|
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
|
CWE-352
Origin Validation Error
|
CVE-2019-9051
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212282
|
7.2 |
HIGH
Network
|
pluck-cms
|
pluck
|
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9050
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212283
|
6.5 |
MEDIUM
Network
|
pluck-cms
|
pluck
|
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
|
CWE-352
Origin Validation Error
|
CVE-2019-9049
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212284
|
6.5 |
MEDIUM
Network
|
pluck-cms
|
pluck
|
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
|
CWE-352
Origin Validation Error
|
CVE-2019-9048
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212285
|
7.2 |
HIGH
Network
|
sitemagic
|
sitemagic_cms
|
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the ad…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9042
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212286
|
7.2 |
HIGH
Network
|
zzzcms
|
zzzphp
|
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:a…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2019-9041
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212287
|
8.8 |
HIGH
Network
|
s-cms
|
s-cms
|
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
|
CWE-352
Origin Validation Error
|
CVE-2019-9040
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212288
|
7.5 |
HIGH
Network
|
matio_project
|
matio
|
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9038
|
2024-11-21 13:50 |
2019-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212289
|
9.1 |
CRITICAL
Network
|
matio_project
|
matio
|
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9037
|
2024-11-21 13:50 |
2019-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212290
|
7.5 |
HIGH
Network
|
matio_project
|
matio
|
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9036
|
2024-11-21 13:50 |
2019-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
