CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18382

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://www.exploit-db.com/exploits/45604/
https://www.exploit-db.com/exploits/45604/

Products affected by CVE-2018-18382

Coderpixel » Advanced Hrm » Version: 1.6

cpe:2.3:a:coderpixel:advanced_hrm:1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18382

Products

Pricing

Contact Us