Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2017
CVE-2014-8701
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-03-17
CVE-2014-8702
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-03-17
CVE-2014-8703
Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-17
CVE-2014-8704
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.
CVSS Score
9.8
EPSS Score
0.013
Published
2017-03-17
CVE-2014-8705
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-03-17
CVE-2014-8706
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-03-17
CVE-2014-8707
Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-17
CVE-2014-8708
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
CVSS Score
9.8
EPSS Score
0.029
Published
2017-03-17
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
CVSS Score
7.5
EPSS Score
0.338
Published
2017-03-17
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-03-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved