Security Vulnerabilities - CVEs Published In December 2017
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2017-12-21
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2017-12-21
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2017-12-21
Bus Booking Script has CSRF via admin/new_master.php.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2017-12-21
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2017-12-21
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2017-12-21
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2017-12-21
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2017-12-21
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-12-21
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2017-12-21
Shodan ® - All rights reserved