Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rodolfo tavares vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-23046
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
Phpipam Phpipam 1.4.4
4 Github repositories
NA
CVE-2019-1336309
Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
7.2
CVSSv3
CVE-2020-25790
Typesetter CMS 5.x up to and including 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "con...
Typesettercms Typesetter
1 Github repository
9.6
CVSSv3
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send&am...
Piwigo Piwigo 2.9.5
9.6
CVSSv3
CVE-2019-13364
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Piwigo Piwigo 2.9.5
5.4
CVSSv3
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
Enviragallery Envira Gallery
6.1
CVSSv3
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Phpipam Phpipam 1.4.4
4.9
CVSSv3
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Wpvivid Migration\\, Backup\\, Staging
6.1
CVSSv3
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
8.8
CVSSv3
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »