Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-2751
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launch...
Company Website Cms Project Company Website Cms -
8.8
CVSSv3
CVE-2022-2694
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be use...
Company Website Cms Project Company Website Cms -
6.5
CVSSv3
CVE-2022-2702
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be la...
Company Website\\/cms Project Company Website\\/cms -
NA
CVE-2008-0665
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
Website Meta Language Website Meta Language 2.0.11
9.8
CVSSv3
CVE-2017-15992
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
Website Broker Script Project Website Broker Script -
1 EDB exploit
NA
CVE-2008-0666
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
Website Meta Language Website Meta Language 2.0.11
6.1
CVSSv3
CVE-2021-38347
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.2.
Custom Website Data Project Custom Website Data
NA
CVE-2006-6220
Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote malicious users to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.
Recipes Complete Website Recipes Complete Website 1.1.14
1 EDB exploit
5.4
CVSSv3
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2022-26283
Simple Subscription Website v1.0 exists to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows malicious users to dump the application's database via crafted HTTP requests.
Simple Subscription Website Project Simple Subscription Website 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »