Security Vulnerabilities - CVEs Published In February 2019
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-02-18

In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-02-18

JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-02-18

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-02-18

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2019-02-18

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-02-18

VNote 2.2 has XSS via a new text note.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-02-17

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2019-02-17

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2019-02-17

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-02-17


Shodan ® - All rights reserved