Total
298769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20614 | 1 Cim Project | 1 Cim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. | |||||
| CVE-2018-20613 | 1 Temmoku Project | 1 Temmoku | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TEMMOKU T1.09 Beta allows admin/user/add CSRF. | |||||
| CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | |||||
| CVE-2018-20611 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | |||||
| CVE-2018-20610 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | |||||
| CVE-2018-20609 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | |||||
| CVE-2018-20608 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | |||||
| CVE-2018-20607 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | |||||
| CVE-2018-20606 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | |||||
| CVE-2018-20605 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | |||||
| CVE-2018-20604 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. | |||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |||||
| CVE-2018-20602 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | |||||
| CVE-2018-20601 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | |||||
| CVE-2018-20600 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | |||||
| CVE-2018-20599 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | |||||
| CVE-2018-20598 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 has ?do=user_addpost CSRF. | |||||
| CVE-2018-20597 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | |||||