CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 2CVE-2020-28687 – Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
https://notcve.org/view.php?id=CVE-2020-28687
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. La funcionalidad edit profile en ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT AND MYSQL versión 1.0, permite a atacantes remotos cargar archivos • https://www.exploit-db.com/exploits/49167 https://code-projects.org/artworks-gallery-in-php-css-javascript-and-mysql-free-download https://packetstormsecurity.com/files/160095/Artworks-Gallery-1.0-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 2CVE-2020-28688 – Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
https://notcve.org/view.php?id=CVE-2020-28688
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. La funcionalidad add artwork en ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT AND MYSQL versión 1.0, permite a atacantes remotos cargar archivos Artworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities. • https://www.exploit-db.com/exploits/49166 https://code-projects.org/artworks-gallery-in-php-css-javascript-and-mysql-free-download https://packetstormsecurity.com/files/160095/Artworks-Gallery-1.0-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14939
https://notcve.org/view.php?id=CVE-2019-14939
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. Se detectó un problema en el módulo mysql (también conocido como mysqljs) versión 2.17.1, para Node.js. La opción LOAD DATA LOCAL INFILE está abierta por defecto. • https://github.com/mysqljs/mysql/issues/2257 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-3754
https://notcve.org/view.php?id=CVE-2018-3754
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database. El modulo externo de Node.js query-mysql en sus versiones 0.0.0, 0.0.1 y 0.0.2 es vulnerable a una inyección SQL debido a la falta de saneamiento de las entradas del usuario. Esto podría permitir que un atacante ejecute consultas SQL arbitrarias cuando se recuperan los datos de la base de datos. • https://hackerone.com/reports/311244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10757 – CSP MySQL User Manager 2.3.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10757
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. CSP MySQL User Manager 2.3.1 permite la inyección SQL y una omisión de autenticación resultante mediante un nombre de usuario manipulado durante un intento de inicio de sesión. CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://www.exploit-db.com/exploits/44589 https://github.com/dukereborn/cmum/commit/c89158ec646c4e8e95587b650f6fd86b502ff8b5 https://packetstormsecurity.com/files/147501/cspmysqlum231-sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •