| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. |
| SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. |
| SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. |
| SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. |
| SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. |
| Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. |
| SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. |
| SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. |
| SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. |
| SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. |
| SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. |
| SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. |
| Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. |
| Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. |
| index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. |
