Security Vulnerabilities - CVEs Published In 2018
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked.
CVSS Score: 8.6 | EPSS Score: 0.004 | Published: 2018-11-13
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2018-11-12

