Security Vulnerabilities - CVEs Published In 2021
SQL injection authentication bypass vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in to an admin account of this system and destroy, change or manipulate all sensitive information on the system.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2021-12-13
A hidden functionality in Fortinet FortiOS 7.x before 7.0.1 and FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations.
CVSS Score: 4.2
EPSS Score: 0.0
Published: 2021-12-13
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2021-12-13
Insufficient input validation in the search functionality of the WordPress plugin Out-of-the-Box prior to 1.20.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVSS Score: 4.7
EPSS Score: 0.008
Published: 2021-12-13
Insufficient input validation in the search functionality of the WordPress plugin Share-one-Drive prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVSS Score: 4.7
EPSS Score: 0.008
Published: 2021-12-13
Insufficient input validation in the search functionality of the WordPress plugin Lets-Box prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
CVSS Score: 4.7
EPSS Score: 0.008
Published: 2021-12-13
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection.
CVSS Score: 8.8
EPSS Score: 0.009
Published: 2021-12-13
The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields; however, their content is not sanitised or escaped, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-12-13
The ToTop Link WordPress plugin through 1.7.1 passes base64-encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2021-12-13
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2021-12-13


Shodan ® - All rights reserved