Vulmon
Search results for the query: daniel jones vulnerabilities and exploits
CVE-2018-19510 | CVSSv3 9.8 | Ens Webgalamb
subscriber.php in Webgalamb up to and including 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
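The point a reviewer would draw from this entry is that request headers are attacker-controlled input just like query parameters, even though proxy-style headers such as Client-IP are often trusted as "infrastructure data". The following is an added illustration of that vulnerability class and its fix; it is not Webgalamb's code, and the table name, column names and trusted-proxy list are assumptions made for the example.

```php
<?php
// Added illustration, not Webgalamb's code. The table `subscribers`, its
// columns and the trusted-proxy list are assumptions made for this example.

// Vulnerable pattern: a request header is attacker-controlled input exactly
// like a query parameter, but is often trusted because "the proxy sets it".
function record_subscriber_vulnerable(PDO $db, string $email): void
{
    $ip = $_SERVER['HTTP_CLIENT_IP'] ?? $_SERVER['REMOTE_ADDR'];
    // String concatenation: a header such as  x', 'y'); --  closes the literal
    // and the rest of the header becomes SQL.
    $db->exec("INSERT INTO subscribers (email, ip) VALUES ('$email', '$ip')");
}

// Hardened pattern: bind every value, and only honour a client-IP header when
// the TCP peer is a proxy you operate, after validating it as an IP address.
function record_subscriber_safe(PDO $db, string $email, array $trustedProxies): string
{
    $ip     = $_SERVER['REMOTE_ADDR'];
    $header = $_SERVER['HTTP_CLIENT_IP'] ?? null;
    if ($header !== null && in_array($ip, $trustedProxies, true)) {
        $candidate = trim(explode(',', $header)[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $ip = $candidate;
        }
    }
    $stmt = $db->prepare('INSERT INTO subscribers (email, ip) VALUES (:email, :ip)');
    $stmt->execute([':email' => $email, ':ip' => $ip]);
    return $ip;   // the value that was actually stored
}

// Constructed request, not a captured one: the header carries SQL syntax.
$_SERVER['REMOTE_ADDR']    = '10.0.0.5';
$_SERVER['HTTP_CLIENT_IP'] = "203.0.113.9', 'x'); -- ";

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE subscribers (email TEXT, ip TEXT)');
// REMOTE_ADDR is a trusted proxy here, but the header fails IP validation, so
// REMOTE_ADDR is what gets stored; had it passed, the prepared statement
// would still have stored the header text literally rather than executing it.
echo record_subscriber_safe($db, 'reader@example.com', ['10.0.0.5']), PHP_EOL;
```

The two defences are independent: parameter binding removes the injection regardless of where the value came from, and the proxy check stops a client from spoofing its own address in the first place.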
CVE-2018-19513 | CVSSv3 7.5 | Ens Webgalamb
In Webgalamb up to and including 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection erro...
CVE-2018-19515 | CVSSv3 9.8 | Ens Webgalamb
In Webgalamb up to and including 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.
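The failure mode described here is a dispatcher whose privilege check lives inside individual branches rather than in front of the dispatch, so any branch (or any later-added parameter) that omits the check is reachable anonymously. The following is an added illustration of that pattern beside the fail-closed form; it is not Webgalamb's code, and the action names and the is_admin() helper are assumptions for the example.

```php
<?php
// Added illustration, not Webgalamb's code. The action names "send" and
// "import" and the is_admin() helper are assumptions for this example.

function is_admin(): bool
{
    return !empty($_SESSION['is_admin']);
}

// Vulnerable pattern: the privilege check is repeated inside each branch, so a
// branch that omits it (here "send") is reachable by anyone who knows the
// parameter name, and every future parameter is unprotected by default.
function dispatch_vulnerable(array $query): string
{
    if (isset($query['import'])) {
        if (!is_admin()) {
            return 'denied';
        }
        return 'import done';
    }
    if (isset($query['send'])) {          // forgotten check: unauthenticated access
        return 'mail sent';
    }
    return 'unknown action';
}

// Hardened pattern: fail closed before dispatch, then route only through an
// explicit allowlist of actions, so an unknown parameter can reach nothing.
function dispatch_safe(array $query): string
{
    if (!is_admin()) {
        http_response_code(403);
        return 'denied';
    }
    $actions = [
        'import' => fn(): string => 'import done',
        'send'   => fn(): string => 'mail sent',
    ];
    foreach ($actions as $name => $handler) {
        if (isset($query[$name])) {
            return $handler();
        }
    }
    return 'unknown action';
}

// Constructed unauthenticated request (no session data at all).
$_SESSION = [];
echo dispatch_vulnerable(['send' => 1]), PHP_EOL;   // the branch runs without any check
echo dispatch_safe(['send' => 1]), PHP_EOL;         // rejected before any action is looked up
```

The check that matters is the one that runs before the parameters are even inspected; per-branch checks are a list of places to forget.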
CVE-2018-19509 | CVSSv3 6.1 | Ens Webgalamb 7.0
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to X...
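"Opportunistic" htmlspecialchars() fails because the function is only a correct encoder for HTML text content; in an attribute, a script block or a URL the same output is still injectable, and its default flags before PHP 8.1 do not touch single quotes at all. The following is an added illustration of encoding per output context, not Webgalamb's code; the stored value is constructed for the example.

```php
<?php
// Added illustration, not Webgalamb's code. The stored value is constructed.

// A value an attacker managed to get into the database.
$stored = "x' onmouseover='alert(1)";

// Vulnerable: single-quoted attribute plus ENT_COMPAT (the pre-8.1 default);
// the single quote survives and the browser sees a new event-handler attribute.
$vulnerable = "<input value='" . htmlspecialchars($stored, ENT_COMPAT, 'UTF-8') . "'>";

// Hardened: one encoder per output context, applied at render time.
function enc_html(string $s): string      // text content and quoted attribute values
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function enc_js(string $s): string        // a string literal inside <script>
{
    $json = json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $json === false ? '""' : $json;   // invalid UTF-8 degrades to an empty literal
}

function enc_url(string $s): string       // a single query-string component
{
    return rawurlencode($s);
}

$safeAttr = '<input value="' . enc_html($stored) . '">';
$safeJs   = '<script>var name = ' . enc_js($stored) . ';</script>';
// URL component first, then HTML attribute encoding for the surrounding markup.
$safeUrl  = '<a href="/search?q=' . enc_html(enc_url($stored)) . '">search</a>';

echo $vulnerable, PHP_EOL, $safeAttr, PHP_EOL, $safeJs, PHP_EOL, $safeUrl, PHP_EOL;
```

Encoding belongs in the template at the point of output, chosen by context; encoding on the way into the database (or at a single arbitrary point) cannot know which context the value will later land in.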
CVE-2018-19511 | CVSSv3 6.5 | Ens Webgalamb 7.0
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
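Two things make the described request forgeable: the state change is reachable by GET, so a simple image tag on any page the administrator visits triggers it, and nothing in the request proves it originated from the application's own form. The following is an added illustration of the standard countermeasures (POST only, a per-session token compared in constant time, SameSite cookies); it is not Webgalamb's code, and the session key, form field names and change_password() placeholder are assumptions for the example.

```php
<?php
// Added illustration, not Webgalamb's code. The session key, form field names
// and the change_password() placeholder are assumptions for this example.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Every state-changing request must be a POST carrying the session's token.
function require_csrf(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('state changes require POST');
    }
    $known = $_SESSION['csrf_token'] ?? '';
    $sent  = $_POST['csrf_token'] ?? '';
    // Reject when no token was ever issued; hash_equals('', '') would be true.
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('bad or missing CSRF token');
    }
}

function change_password(string $current, string $new): void
{
    // Placeholder: a real implementation re-verifies $current before storing $new.
}

// Vulnerable shape: a GET with ?options=1 performs the change, so an
// <img src="...?options=1&pw=..."> on any page the admin visits is enough.
//   if (isset($_GET['options'])) { change_password('', $_GET['pw']); }

// Hardened shape: the same action, gated by method and token.
if (isset($_POST['options'])) {
    require_csrf();
    change_password($_POST['current'] ?? '', $_POST['pw'] ?? '');
}

echo '<form method="post" action="?">',
     '<input type="hidden" name="options" value="1">',
     '<input type="hidden" name="csrf_token" value="',
     htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8'), '">',
     '<input type="password" name="current"> <input type="password" name="pw">',
     '<button>Change password</button></form>';
```

Requiring the current password on a password change is a separate control that also blunts this attack: even a forged request cannot supply a secret the attacker does not have.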
CVE-2018-19514 | CVSSv3 9.8 | Ens Webgalamb
In Webgalamb up to and including 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload tha...
CVE-2018-19512 | CVSSv3 7.2 | Ens Webgalamb
In Webgalamb up to and including 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.
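The entry names the two conditions that together turn a traversal into code execution: the client controls the destination path, and the destination is under the document root, where the web server will execute a restored .php file. The following is an added illustration of a restore routine with both problems beside a hardened version; it is not Webgalamb's code, and the directory layout, file-name allowlist and permitted extensions are assumptions for the example.

```php
<?php
// Added illustration, not Webgalamb's code. Directory layout, the file-name
// allowlist and the extension list are assumptions for this example.

// Vulnerable pattern: the client chooses the destination name. A name such as
// ../../public_html/x.php walks out of the backup area into the document
// root, where the web server will execute the restored file.
function restore_vulnerable(string $backupDir, string $name, string $content): void
{
    file_put_contents($backupDir . '/' . $name, $content);
}

// Hardened pattern: an allowlist on the name (no separators, no dot segments,
// non-executable extensions only), a canonical base directory, a refusal to
// write anywhere under the document root, and a final containment check.
function restore_safe(string $backupDir, string $name, string $content, string $docRoot): bool
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(csv|txt|json)\z/', $name)) {
        return false;                   // rejects "..", "/", "\", NUL and .php in one rule
    }
    $base = realpath($backupDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    $root = realpath($docRoot);
    if ($root !== false
        && strncmp($base . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0) {
        return false;                   // the backup area must not be web-served
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;
    // Belt and braces: the final path must still start with the canonical base.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    return file_put_contents($target, $content) !== false;
}

// Constructed demonstration in a temporary directory; no real web root involved.
$tmp = sys_get_temp_dir() . '/restore_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/backups', 0700, true);
mkdir($tmp . '/public_html', 0700, true);

var_dump(restore_safe($tmp . '/backups', '../public_html/evil.php', 'x', $tmp . '/public_html'));   // rejected by the allowlist
var_dump(restore_safe($tmp . '/backups', 'list-2024.csv', 'a,b', $tmp . '/public_html'));           // written inside backups/
var_dump(restore_safe($tmp . '/public_html', 'list.csv', 'a,b', $tmp . '/public_html'));            // refused: base is the web root
```

The allowlist does most of the work; the realpath and prefix checks exist so that a later relaxation of the regular expression does not silently reopen the traversal.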