Vulnerabilities (CVE)

Total 315274 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26051 1 College Management System Project 1 College Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.
CVE-2020-26050 1 Safervpn 1 Safervpn 2024-11-21 7.2 HIGH 7.8 HIGH
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572.
CVE-2020-26049 1 Niftypm 1 Nifty-pm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.
CVE-2020-26048 1 Cuppacms 1 Cuppacms 2024-11-21 6.5 MEDIUM 8.8 HIGH
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
CVE-2020-26046 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
CVE-2020-26045 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVE-2020-26043 1 Hoosk 1 Hoosk 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
CVE-2020-26042 1 Hoosk 1 Hoosk 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
CVE-2020-26041 1 Hoosk 1 Hoosk 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
CVE-2020-26037 1 Evenbalance 1 Punkbuster 2024-11-21 N/A 9.8 CRITICAL
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
CVE-2020-26035 1 Zammad 1 Zammad 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.
CVE-2020-26034 1 Zammad 1 Zammad 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.
CVE-2020-26033 1 Zammad 1 Zammad 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
CVE-2020-26032 1 Zammad 1 Zammad 2024-11-21 5.0 MEDIUM 7.5 HIGH
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.
CVE-2020-26031 1 Zammad 1 Zammad 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
CVE-2020-26030 1 Zammad 1 Zammad 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
CVE-2020-26029 1 Zammad 1 Zammad 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
CVE-2020-26028 1 Zammad 1 Zammad 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.
CVE-2020-26008 1 Shopxo 1 Shopxo 2024-11-21 6.8 MEDIUM 7.8 HIGH
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2020-26007 1 Shopxo 1 Shopxo 2024-11-21 6.8 MEDIUM 7.8 HIGH
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.