Security Vulnerabilities - CVEs Published In 2020
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623.
CVSS Score: 7.5 | EPSS Score: 0.744 | Published: 2020-12-23

CRK Business Platform <= 2019.1 allows injection of SQL statements against the DB on any path using the 'strSessao' parameter.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2020-12-23

CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on the 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-12-23

Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting web server by uploading a maliciously crafted PHP file.
CVSS Score: 8.8 | EPSS Score: 0.023 | Published: 2020-12-23

SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.
CVSS Score: 9.8 | EPSS Score: 0.094 | Published: 2020-12-23

SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gallery.php. After admin authentication, an attacker can upload an image in the gallery using an XSS payload in the description textarea called 'about' and achieve stored XSS.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2020-12-23

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2020-12-23

SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2020-12-23

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to cause a denial of service inside the "DB2 Management Service".
CVSS Score: 6.2 | EPSS Score: 0.001 | Published: 2020-12-23

Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-12-23

