6.9
CVE-2018-25177 - Data Center Audit 2.6.2 Cross-Site Request Forgery via dca_resetpw.php
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to …
8.8
CVE-2018-25176 - Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the …
8.8
CVE-2018-25175 - Alienor Web Libre 2.0 SQL Injection via index.php
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant …
6.9
CVE-2018-25174 - ABC ERP 0.6.4 Cross-Site Request Forgery via _configurar_perfil.php
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and…
8.8
CVE-2018-25173 - Rmedia SMS 1.0 SQL Injection via editgrp.php
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve …
8.8
CVE-2018-25172 - Pedidos 1.0 SQL Injection via load_proveedores.php
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/load_proveedores.php endpoint with crafted SQL payloads to extract sensitive …
8.8
CVE-2018-25171 - EdTv 2 SQL Injection via id Parameter
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database infor…
8.8
CVE-2018-25170 - DoceboLMS 1.2 SQL Injection via lesson.php
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive datab…
8.7
CVE-2018-25169 - AMPPS 2.7 Denial of Service via Malformed Socket Connection
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability.
5.3
CVE-2018-25168 - Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters …