Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ron jost vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-18048
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Monstra Monstra 3.0.4
8.8
CVSSv3
CVE-2021-25076
The WP User Frontend WordPress plugin prior to 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cr...
Wedevs Wp User Frontend
1 Github repository
7.5
CVSSv3
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
Get-simple Getsimple Cms 3.3.4
9.1
CVSSv3
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
8.8
CVSSv3
CVE-2021-24347
The SP Project & Document Manager WordPress plugin prior to 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It exists that php files...
Smartypantsplugins Sp Project & Document Manager
7.2
CVSSv3
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin prior to 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Backup-guard Backup Guard
8.8
CVSSv3
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
6.5
CVSSv3
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
8.8
CVSSv3
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
5.3
CVSSv3
CVE-2021-39327
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This a...
Ait-pro Bulletproof Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »