Security Vulnerabilities - CVEs Published In September 2020
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
CVSS Score: 8.8
EPSS Score: 0.897
Published: 2020-09-03
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server into generating user registration emails that contain malicious URLs. IBM X-Force ID: 177933.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-09-03
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.
CVSS Score: 7.2
EPSS Score: 0.005
Published: 2020-09-03
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.
CVSS Score: 5.8
EPSS Score: 0.004
Published: 2020-09-03
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVSS Score: 7.1
EPSS Score: 0.024
Published: 2020-09-03
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-09-03
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-09-03
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-09-03
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-09-03
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-09-03

