Security Vulnerabilities - CVEs Published In September 2021
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2021-09-15
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2021-09-15
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2021-09-15
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2021-09-15
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-09-15
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-09-15
An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.
CVSS Score: 7.8 | EPSS Score: 0.01 | Published: 2021-09-15
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-09-15
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2021-09-15
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2021-09-15

