|
215721
|
8.8 |
HIGH
Network
|
clanscripts_project
|
clanscripts
|
Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.
|
CWE-352
Origin Validation Error
|
CVE-2020-18131
|
2024-11-21 14:08 |
2023-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215722
|
9.1 |
CRITICAL
Network
|
chinamobileltd
|
gpn2.4p21-c-cn_firmware
|
Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter …
|
CWE-22
Path Traversal
|
CVE-2020-18331
|
2024-11-21 14:08 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215723
|
9.1 |
CRITICAL
Network
|
chinamobileltd
|
gpn2.4p21-c-cn_firmware
|
An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows …
|
CWE-22
Path Traversal
|
CVE-2020-18330
|
2024-11-21 14:08 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215724
|
7.5 |
HIGH
Network
|
carel
|
pcoweb_card_web
pcoweb_card_boot
pcoweb_card_bios
|
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interfa…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-18329
|
2024-11-21 14:08 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215725
|
6.1 |
MEDIUM
Network
|
alfresco
|
alfresco
|
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
|
CWE-79
Cross-site Scripting
|
CVE-2020-18327
|
2024-11-21 14:08 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215726
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an author…
|
CWE-352
Origin Validation Error
|
CVE-2020-18326
|
2024-11-21 14:08 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215727
|
6.1 |
MEDIUM
Network
|
intelliants
|
subrion_cms
|
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18325
|
2024-11-21 14:08 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215728
|
6.1 |
MEDIUM
Network
|
intelliants
|
subrion_cms
|
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18324
|
2024-11-21 14:08 |
2022-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215729
|
7.5 |
HIGH
Network
|
sem-cms
|
semcms
|
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
|
CWE-89
SQL Injection
|
CVE-2020-18081
|
2024-11-21 14:08 |
2021-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215730
|
9.8 |
CRITICAL
Network
|
sem-cms
|
semcms
|
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.
|
NVD-CWE-noinfo
|
CVE-2020-18078
|
2024-11-21 14:08 |
2021-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
