|
249441
|
8.8 |
HIGH
Network
|
skycaiji
|
skycaiji
|
SkyCaiji 1.2 allows CSRF to add an Administrator user.
|
CWE-352
Origin Validation Error
|
CVE-2018-11371
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249442
|
9.8 |
CRITICAL
Network
|
pbootcms
|
pbootcms
|
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11369
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249443
|
4.7 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11328
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249444
|
4.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
|
CWE-200
Information Exposure
|
CVE-2018-11327
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249445
|
4.8 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11326
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249446
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and dis…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2018-11325
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249447
|
5.9 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was ex…
|
CWE-362
Race Condition
|
CVE-2018-11324
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249448
|
8.8 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
|
CWE-269
Improper Privilege Management
|
CVE-2018-11323
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249449
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11322
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249450
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated …
|
CWE-20
Improper Input Validation
|
CVE-2018-11321
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
