Security Vulnerabilities - CVEs Published In December 2020
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-12-03
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVSS Score: 7.7 | EPSS Score: 0.0 | Published: 2020-12-03
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.226 | Published: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2020-12-02
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.213 | Published: 2020-12-02
An SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2020-12-02
An SQL injection vulnerability was discovered in Car Rental Management System v1.0. It can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2020-12-02
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2020-12-02



Shodan ® - All rights reserved