Security Vulnerabilities - CVEs Published In March 2021
A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-03-04
Courier Management System 1.0 - 'First Name' Stored XSS
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-04
Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street'.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-03-04
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
CVSS Score
4.1
EPSS Score
0.002
Published
2021-03-04
Starting with version 13.7, the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-03-04
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.481
Published
2021-03-04
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.377
Published
2021-03-04
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVSS Score
8.8
EPSS Score
0.013
Published
2021-03-04
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVSS Score
6.1
EPSS Score
0.319
Published
2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
CVSS Score
8.1
EPSS Score
0.005
Published
2021-03-04

