Security Vulnerabilities - CVEs Published In September 2018
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-09-28
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-09-28
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-09-28