Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rodolfo tavares vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-25790
Typesetter CMS 5.x up to and including 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "con...
Typesettercms Typesetter
1 Github repository
7.2
CVSSv3
CVE-2022-23046
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
Phpipam Phpipam 1.4.4
4 Github repositories
NA
CVE-2019-1336309
Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
9.6
CVSSv3
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send&am...
Piwigo Piwigo 2.9.5
9.6
CVSSv3
CVE-2019-13364
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Piwigo Piwigo 2.9.5
4.9
CVSSv3
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Wpvivid Migration\\, Backup\\, Staging
5.4
CVSSv3
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a clic...
Liquidfiles Liquidfiles 3.4.15
5.4
CVSSv3
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
Enviragallery Envira Gallery
6.1
CVSSv3
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Phpipam Phpipam 1.4.4
6.1
CVSSv3
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »