Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-27435
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows malicious users to upload a webshell via the Product Image component.
Ecommerce-website Project Ecommerce-website 1.1.0
9.8
CVSSv3
CVE-2018-17840
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
Education Website Project Education Website 1.0
6.1
CVSSv3
CVE-2022-45990
A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.
Ecommerce-website Project Ecommerce-website 1.0
8.8
CVSSv3
CVE-2022-27346
Ecommece-Website v1.1.0 exists to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
Ecommerce-website Project Ecommerce-website 1.1.0
4.8
CVSSv3
CVE-2022-27436
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.
Ecommerce-website Project Ecommerce-website 1.1.0
NA
CVE-2007-3525
Ripe Website Manager 0.8.9 and previous versions allows remote malicious users to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely ...
Ripe Website Manager Ripe Website Manager
6.1
CVSSv3
CVE-2021-38347
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.2.
Custom Website Data Project Custom Website Data
NA
CVE-2006-6220
Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote malicious users to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.
Recipes Complete Website Recipes Complete Website 1.1.14
1 EDB exploit
9.8
CVSSv3
CVE-2022-2750
A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch...
Company Website Cms Project Company Website Cms -
9.8
CVSSv3
CVE-2022-2751
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launch...
Company Website Cms Project Company Website Cms -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »