Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karmainsecurity.com vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46817
An issue exists in phpFox prior to 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated malicious users to inject arbitrary PH...
Phpfox Phpfox
NA
CVE-2023-46818
An issue exists in ISPConfig prior to 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Ispconfig Ispconfig 3.2.11
Ispconfig Ispconfig
6.5
CVSSv2
CVE-2020-8800
SuiteCRM up to and including 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Salesagility Suitecrm
6.5
CVSSv2
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8803
SuiteCRM up to and including 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
Salesagility Suitecrm
4
CVSSv2
CVE-2020-8804
SuiteCRM up to and including 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
Salesagility Suitecrm
6
CVSSv2
CVE-2021-32924
Invision Community (aka IPS Community Suite) prior to 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Invisioncommunity Ips Community Suite
NA
CVE-2024-30163
Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
1 Github repository
NA
CVE-2023-35808
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing ...
Sugarcrm Sugarcrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »