Security Vulnerabilities - CVEs Published In March 2019
FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-03-04

The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2019-03-04

The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2019-03-04

In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-03-04

Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2019-03-04

An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-03-04

Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-03-04

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-03-03

DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-03-03

Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-03-02

