Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2021
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-08-16
CVE-2020-18702
Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-08-16
CVE-2020-18703
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'.
CVSS Score
9.8
EPSS Score
0.026
Published
2021-08-16
CVE-2020-18704
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'.
CVSS Score
9.8
EPSS Score
0.026
Published
2021-08-16
CVE-2020-18705
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.
CVSS Score
9.8
EPSS Score
0.026
Published
2021-08-16
CVE-2021-38751
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
CVSS Score
4.3
EPSS Score
0.129
Published
2021-08-16
CVE-2021-38752
A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-16
CVE-2021-38753
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-08-16
CVE-2021-38754
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-16
CVE-2021-38755
Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-08-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved