Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-18935
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-11-05
CVE-2018-18936
An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-05
CVE-2018-18937
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-05
CVE-2018-18938
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-05
CVE-2018-18939
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-05
CVE-2018-18942
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
CVSS Score
7.2
EPSS Score
0.024
Published
2018-11-05
CVE-2018-18943
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-11-05
CVE-2018-18949
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
CVSS Score
9.8
EPSS Score
0.128
Published
2018-11-05
CVE-2018-18950
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-05
CVE-2018-18952
JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.
CVSS Score
4.8
EPSS Score
0.001
Published
2018-11-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved