Security Vulnerabilities - CVEs Published In July 2018
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that allows adding a user account via adm1n/admin_manager.php?action=add.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-07-08
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-07-08
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-07-08
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-07-08
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-07-08
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-07-08
Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-07-08
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-07-07
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2018-07-07
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. The payloads are stored in the shared file's description file and execute a JavaScript payload each time an administrator searches or lists uploaded files. Both injections can be triggered without authentication and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-07-07
Shodan ® - All rights reserved