| 208391 | 9.8 CRITICAL | Network | zzcms | zzcms | zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | CWE-352 Origin Validation Error | CVE-2020-23426 | 2024-11-21 14:13 | 2021-04-9 |
| 208392 | 7.5 HIGH | Network | unionpayintl | union_pay | Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile a… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-23533 | 2024-11-21 14:13 | 2021-04-7 |
| 208393 | 6.1 MEDIUM | Network | aryanic | high_cms | Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. | CWE-79 Cross-site Scripting | CVE-2020-23517 | 2024-11-21 14:13 | 2021-03-26 |
| 208394 | 5.4 MEDIUM | Network | ultimatekode | neo_billing | Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML. | CWE-79 Cross-site Scripting | CVE-2020-23518 | 2024-11-21 14:13 | 2021-03-3 |
| 208395 | 9.8 CRITICAL | Network | masterlab | masterlab | A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-23534 | 2024-11-21 14:13 | 2021-02-26 |
| 208396 | 6.8 MEDIUM | Physical | tasks | tasks | "Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restriction… | CWE-276 Incorrect Default Permissions | CVE-2020-22475 | 2024-11-21 14:13 | 2021-02-23 |
| 208397 | 6.5 MEDIUM | Network | weberp | weberp | In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion. | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2020-22474 | 2024-11-21 14:13 | 2021-02-23 |
| 208398 | 7.2 HIGH | Network | nagios | nagios_xi | NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE … | NVD-CWE-noinfo | CVE-2020-22427 | 2024-11-21 14:13 | 2021-02-16 |
| 208399 | 8.8 HIGH | Network | centreon | centreon | Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | CWE-89 SQL Injection | CVE-2020-22425 | 2024-11-21 14:13 | 2021-02-16 |
| 208400 | 6.1 MEDIUM | Network | b2evolution | b2evolution_cms | Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 para… | CWE-79 Cross-site Scripting | CVE-2020-22839 | 2024-11-21 14:13 | 2021-02-10 |