Security Vulnerabilities - CVEs Published In September 2019
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
CVSS Score: 9.8 | EPSS Score: 0.159 | Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-09-22
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVSS Score: 4.3 | EPSS Score: 0.018 | Published: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application.
CVSS Score: 4.7 | EPSS Score: 0.003 | Published: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
CVSS Score: 4.9 | EPSS Score: 0.029 | Published: 2019-09-21
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-09-21
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-09-21
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-09-21
Shodan ® - All rights reserved