» 2019 » 9월

CVE-2019-16123

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.

Source: CVE-2019-16123

CVE-2019-16124

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16124

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.

Source: CVE-2019-16124

CVE-2019-16125

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16125

In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.

Source: CVE-2019-16125

CVE-2019-16126

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16126

Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.

Source: CVE-2019-16126

CVE-2019-16118

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16118

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

Source: CVE-2019-16118

CVE-2019-16119

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16119

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

Source: CVE-2019-16119

CVE-2019-16120

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16120

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.

Source: CVE-2019-16120

CVE-2019-16117

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16117

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.

Source: CVE-2019-16117

CVE-2019-16115

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.

Source: CVE-2019-16115

CVE-2019-16113

Posted on 2019년 9월 9일2019년 9월 9일 by admin

CVE-2019-16113

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

Source: CVE-2019-16113