Vulmon
karmainsecurity.com vulnerabilities and exploits
5
CVSSv2
CVE-2021-26598
ImpressCMS prior to 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Impresscms Impresscms
7.5
CVSSv2
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
7.5
CVSSv2
CVE-2019-18662
An issue exists in YouPHPTube up to and including 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL que...
Youphptube Youphptube
NA
CVE-2023-47271
PKP-WAL (aka PKP Web Application Library or pkp-lib) prior to 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an iss...
Sfu Pkp Web Application Library
NA
CVE-2023-46817
An issue exists in phpFox prior to 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated malicious users to inject arbitrary PH...
Phpfox Phpfox
NA
CVE-2023-46818
An issue exists in ISPConfig prior to 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Ispconfig Ispconfig 3.2.11
Ispconfig Ispconfig
NA
CVE-2023-35808
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing ...
Sugarcrm Sugarcrm
NA
CVE-2023-35809
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular us...
Sugarcrm Sugarcrm
NA
CVE-2023-35810
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module becau...
Sugarcrm Sugarcrm
NA
CVE-2023-35811
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privi...
Sugarcrm Sugarcrm