Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2023
CVE-2023-6026
A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.
CVSS Score
9.8
EPSS Score
0.011
Published
2023-11-30
CVE-2023-5965
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
CVSS Score
9.1
EPSS Score
0.012
Published
2023-11-30
CVE-2023-48912
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-30
CVE-2023-48913
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-30
CVE-2023-48914
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-30
CVE-2023-48963
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-30
CVE-2023-48964
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-30
CVE-2023-4770
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-30
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-30
CVE-2023-47827
Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved