Security Vulnerabilities - CVEs Published In 2018
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534.
CVSS Score: 7.1
EPSS Score: 0.005
Published: 2018-11-26
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-11-26
zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2018-11-26
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-11-26
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-11-26
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2018-11-26
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-11-26
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-11-26
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
CVSS Score: 8.8
EPSS Score: 0.013
Published: 2018-11-26
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2018-11-26

