Security Vulnerabilities - CVEs Published In 2021
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2021-12-27
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
CVSS Score: 9.1
EPSS Score: 0.012
Published: 2021-12-27
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2021-12-27
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
CVSS Score: 5.4
EPSS Score: 0.006
Published: 2021-12-27
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2021-12-27
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2021-12-27
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2021-12-27
The ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2021-12-27
The ZTE BigVideo Analysis product has an input verification vulnerability. Due to the inconsistency between the front-end and back-end verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause a service exception.
CVSS Score: 8.1
EPSS Score: 0.004
Published: 2021-12-27
ColorOS pre-grants dangerous permissions to apps that are listed in a whitelist XML named default-grant-permissions. However, some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2021-12-27

