Security Vulnerabilities - CVEs Published In December 2017
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-12-13
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-12-13
Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-12-13
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-12-13
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-12-13
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-12-13
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
CVSS Score
7.5
EPSS Score
0.223
Published
2017-12-13
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-12-13
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-12-13
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-13