Security Vulnerabilities - CVEs Published In February 2025
A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2025-02-21
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
CVSS Score: 5.4
EPSS Score: 0.0
Published: 2025-02-21
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.
CVSS Score: 8.0
EPSS Score: 0.0
Published: 2025-02-21
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2025-02-21
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
CVSS Score: 5.1
EPSS Score: 0.0
Published: 2025-02-21
PbootCMS 1.4.1 contains a SQL injection vulnerability in the parsing of if statements in templates. A malicious user can contaminate template content by searching for page contamination URLs, which triggers the vulnerability when the program uses eval statements to parse templates.
CVSS Score: 5.1
EPSS Score: 0.0
Published: 2025-02-21
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2025-02-21
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.
CVSS Score: 3.8
EPSS Score: 0.0
Published: 2025-02-21
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data.
CVSS Score: 3.8
EPSS Score: 0.0
Published: 2025-02-21
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do.
CVSS Score: 4.0
EPSS Score: 0.0
Published: 2025-02-21

