Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

daniel jones vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2018-19510
subscriber.php in Webgalamb up to and including 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
Ens Webgalamb
7.5
CVSSv3
CVE-2018-19513
In Webgalamb up to and including 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection erro...
Ens Webgalamb
9.8
CVSSv3
CVE-2018-19515
In Webgalamb up to and including 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.
Ens Webgalamb
6.1
CVSSv3
CVE-2018-19509
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to X...
Ens Webgalamb 7.0
6.5
CVSSv3
CVE-2018-19511
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
Ens Webgalamb 7.0
9.8
CVSSv3
CVE-2018-19514
In Webgalamb up to and including 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload tha...
Ens Webgalamb
7.2
CVSSv3
CVE-2018-19512
In Webgalamb up to and including 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.
Ens Webgalamb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook