Security Vulnerabilities - CVEs Published In April 2019
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-04-29
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-04-29
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-04-29
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
CVSS Score: 9.8 | EPSS Score: 0.043 | Published: 2019-04-28
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
CVSS Score: 5.9 | EPSS Score: 0.005 | Published: 2019-04-28
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
CVSS Score: 5.3 | EPSS Score: 0.005 | Published: 2019-04-28
Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-04-28
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2019-04-27
An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2019-04-27
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2019-04-27
Shodan ® - All rights reserved