anonhaven
Ad

CVE Vulnerability Database

Complete database of CVE vulnerabilities. Track critical security threats, exploits and patches. Updated daily from NVD NIST.

CVE-2018-25182

8.8

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET …

PHP
Details

CVE-2018-25181

8.7

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter …

Musicco
Details

CVE-2018-25180

7.1

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers …

Maitra
Details

CVE-2018-25179

8.8

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests …

Gumbo
Details

CVE-2018-25178

8.7

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary …

PHP
Details

CVE-2018-25177

6.9

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php …

PHP
Details

CVE-2018-25176

8.8

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers …

Alive
Details

CVE-2018-25175

8.8

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted …

PHP
Details

CVE-2018-25174

6.9

ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing …

PHP
Details

CVE-2018-25173

8.8

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to …

PHP
Details
801/3864