6.9
CVE-2018-25200 - OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and roleโฆ
8.8
CVE-2018-25199 - OOP CMS BLOG 1.0 SQL Injection via search parameter
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id paramโฆ
6.9
CVE-2018-25198 - eToolz 3.4.8.0 Denial of Service via Buffer Overflow
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application.
8.8
CVE-2018-25197 - PlayJoom 0.10.1 SQL Injection via catid Parameter
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive dโฆ
8.8
CVE-2018-25196 - ServerZilla 1.0 SQL Injection via email Parameter
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticationโฆ
8.8
CVE-2018-25194 - Nominas 0.27 SQL Injection via username Parameter
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection payloaโฆ
8.7
CVE-2018-25193 - Mongoose Web Server 6.9 Denial of Service via Socket Connection
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unaโฆ
8.8
CVE-2018-25192 - GPS Tracking System 2.12 SQL Injection via username Parameter
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username fielโฆ
7.1
CVE-2018-25191 - Facturation System 1.0 SQL Injection via editar_producto.php
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attackers can send POST requests to the editar_producto.php endpoint with crafted SQL payloads in the mod_iโฆ
6.9
CVE-2018-25190 - Easyndexer 1.0 Cross-Site Request Forgery via createuser.php
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, passโฆ