Security Vulnerabilities - CVEs Published In April 2024
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-04-08
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
CVSS Score
9.1
EPSS Score
0.001
Published
2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-08
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-04-08
AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-04-08
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe
CVSS Score
7.8
EPSS Score
0.001
Published
2024-04-08
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-04-08
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-04-08