8.8

CVSS4.0

CVE-2018-25179 - Gumbo CMS 0.99 SQL Injection via settings endpoint

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter to …

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.7

CVSS4.0

CVE-2018-25178 - Easyndexer 1.0 Arbitrary File Download via showtif.php

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like config…

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: March 16, 2026, 7:13 p.m.

6.9

CVSS4.0

CVE-2018-25177 - Data Center Audit 2.6.2 Cross-Site Request Forgery via dca_resetpw.php

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to …

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25176 - Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the …

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25175 - Alienor Web Libre 2.0 SQL Injection via index.php

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant …

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

6.9

CVSS4.0

CVE-2018-25174 - ABC ERP 0.6.4 Cross-Site Request Forgery via _configurar_perfil.php

ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and…

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25173 - Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve …

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25172 - Pedidos 1.0 SQL Injection via load_proveedores.php

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/load_proveedores.php endpoint with crafted SQL payloads to extract sensitive …

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25171 - EdTv 2 SQL Injection via id Parameter

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database infor…

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25170 - DoceboLMS 1.2 SQL Injection via lesson.php

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive datab…

📅 Published: March 6, 2026, 12:19 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.
Total results: 346576
Page 1017 of 34,658