Comsenz: Security Vulnerabilities
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
CVSS Score: 8.8 | EPSS Score: 0.584 | Published: 2019-05-22
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2018-12-24
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2018-12-24
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2018-12-24
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2018-10-09
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-10-09
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2009-09-15
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
CVSS Score: 6.5 | EPSS Score: 0.039 | Published: 2009-08-12
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2008-08-08

