Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-7490

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-15 May, 2017 | 14:00
Updated At-05 Aug, 2024 | 16:04
Rejected At-
Credits

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:15 May, 2017 | 14:00
Updated At:05 Aug, 2024 | 16:04
Rejected At:
▼CVE Numbering Authority (CNA)

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

Affected Products
Vendor
n/a
Product
Moodle 2.x and 3.x
Versions
Affected
  • Moodle 2.x and 3.x
Problem Types
TypeCWE IDDescription
textN/Aincorrect access control
Type: text
CWE ID: N/A
Description: incorrect access control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://moodle.org/mod/forum/discuss.php?d=352354
x_refsource_CONFIRM
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=352354
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://moodle.org/mod/forum/discuss.php?d=352354
x_refsource_CONFIRM
x_transferred
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=352354
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:15 May, 2017 | 14:29
Updated At:13 May, 2026 | 00:24

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Moodle Pty Ltd
moodle
>>moodle>>2.7.0
cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.0
cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.0
cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.0
cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.1
cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.2
cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.3
cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.4
cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.5
cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.6
cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.7
cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.8
cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.9
cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.10
cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.11
cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.12
cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.13
cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.14
cpe:2.3:a:moodle:moodle:2.7.14:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.15
cpe:2.3:a:moodle:moodle:2.7.15:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.16
cpe:2.3:a:moodle:moodle:2.7.16:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.17
cpe:2.3:a:moodle:moodle:2.7.17:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.7.18
cpe:2.3:a:moodle:moodle:2.7.18:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.0
cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.0
cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.0
cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.0
cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.0
cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.0
cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.1
cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.2
cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.3
cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.4
cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.5
cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.6
cpe:2.3:a:moodle:moodle:3.0.6:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.7
cpe:2.3:a:moodle:moodle:3.0.7:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.0.8
cpe:2.3:a:moodle:moodle:3.0.8:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.0
cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.0
cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.0
cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.0
cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.1
cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.2
cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.3
cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.1.4
cpe:2.3:a:moodle:moodle:3.1.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.2.0
cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.2.0
cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.2.0
cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.2.0
cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.2.0
cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>3.2.0
cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-668Primarynvd@nist.gov
CWE ID: CWE-668
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://moodle.org/mod/forum/discuss.php?d=352354secalert@redhat.com
Patch
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=352354af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=352354
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=352354
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

122Records found
CVE-2020-8449
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.96% / 88.49%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:50
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Action-Not Available
Vendor-n/aopenSUSESquid CacheCanonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxsquidfedoraleapn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-7912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 17:16
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-5386
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.88% / 75.54%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_elastic_cloud_storageElastic Cloud Storage
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-32249
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.52%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:31
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)

Action-Not Available
Vendor-SAP SE
Product-business_oneSAP Business one
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-31845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.12% / 97.99%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:09
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn535g3_firmwarewn535g3n/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-30734
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.97%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:15
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-29646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.52%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 11:50
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100ra3100r_firmwaren/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-28145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 10:21
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Action-Not Available
Vendor-wuzhicmsn/a
Product-wuzhicmsn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-27361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-89.18% / 99.55%
||
7 Day CHG-0.17%
Published-01 Jul, 2021 | 15:57
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.

Action-Not Available
Vendor-n/aAkkadian Labs, LLC
Product-akkadian_provisioning_managern/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-26602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 18:36
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-26650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.82%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 14:13
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php

Action-Not Available
Vendor-atomxn/a
Product-atomxcmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-25459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.79%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 20:36
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling.

Action-Not Available
Vendor-webankn/a
Product-federated_ai_technology_enablern/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-25073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.66% / 71.39%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 01:26
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-freedomboxn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-21356
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.13%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 22:36
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.

Action-Not Available
Vendor-popojicmsn/a
Product-popojicmsn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-18754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.95%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 16:08
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.

Action-Not Available
Vendor-dccen/a
Product-mac1100_plc_firmwaremac1100_plcn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-13670
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.50%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 15:45
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Action-Not Available
Vendor-The Drupal Association
Product-drupalCore
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-11303
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.6||HIGH
EPSS-0.24% / 47.07%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresa6150p_firmwaresa8145p_firmwareqca1023mdm9628_firmwarewcd9360_firmwaremdm9650csra6620qca9378amdm9645msm8992_firmwaremdm9250sa8150p_firmwareqca6595au_firmwaresa6155apq8009_firmwareqca6174_firmwaremdm8215csra6620_firmwaremdm9310_firmwareapq8076csra6640_firmwareqca0000_firmwareqca6564qca6584au_firmwareapq8076_firmwarewcn3990_firmwareqca9369qca9377wcn3998wcd9326_firmwaremdm9628wcn3615_firmwaremdm9206_firmwarewcn3660bapq8094qca4020sa8155qca6320_firmwareqca6584qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwaresdx12_firmwarewcn3615wcn3998_firmwarewcn3999_firmwarewcn3610_firmwarewcd9360apq8053_firmwaresdx20mqca6564au_firmwareqca6584ausa6155p_firmwareqca6310qca9367_firmwarewcn3999sa515m_firmwareqca9367qca0000apq8092sa8155_firmwaresd821mdm9607_firmwaremdm9655_firmwaremsm8994_firmwareqcs405sa6145p_firmwaremsm8992wcd9340sa8195pwsa8810_firmwareqca1990_firmwareqca4020_firmwarewcd9326wcd9335sa6155pqca6174a_firmwaremdm9250_firmwarewcd9341mdm9655qca6696_firmwaremdm8215_firmwareapq8064aumsm8976sa8150pmsm8994sd210apq8092_firmwaresd820sdx20_firmwarewsa8815_firmwaresa8195p_firmwarecsr6030_firmwareqca6564awcn3610mdm9640wcn3990wcd9330msm8996au_firmwarecsr6030qca6595qca6564ausdx24msm8976_firmwareqca6574msm8996auqca9369_firmwareqca6574amdm9206qca9379_firmwareqca6174asdx24_firmwareqca6310_firmwareapq8094_firmwareqca6174wcd9335_firmwarewcn3980mdm9615sa515mqca6574_firmwareqca9886wcd9340_firmwarewsa8815qca6320qca6584_firmwaremdm9650_firmwareqca6175amdm9215_firmwarewcn3660b_firmwareqca6574a_firmwareqca1990wcn3980_firmwareapq8009wcd9330_firmwaremdm9310sd821_firmwaremdm9626apq8064au_firmwarear8031_firmwareqca6234sdx20mdm9215mdm9626_firmwareqca6574ausa8155p_firmwaremdm9607mdm9645_firmwareqca6564a_firmwarewcd9341_firmwaresdx20m_firmwarewsa8810sd210_firmwaresa6145pwcn3680bqca9886_firmwareqca6564_firmwareapq8096auar8031qca1023_firmwareqca6595_firmwareqcs405_firmwaresa8145pqca6696sd820_firmwaresd845_firmwaresa6150psdx55apq8053apq8096au_firmwarecsra6640sa8155psd845mdm9615_firmwareqca9378a_firmwaresdx12qca9379qca6175a_firmwareqca6234_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-31846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.38% / 96.37%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:09
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn535g3_firmwarewn535g3n/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-30732
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.84%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:14
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2016-11007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 55.08%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:44
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

Action-Not Available
Vendor-usabilitydynamicsn/a
Product-wp-invoicen/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-41140
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.04%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:05
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reactions leak for secure category topics and private messages

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discourse_reactionsdiscourse-reactions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.31%
||
7 Day CHG~0.00%
Published-23 Feb, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.

Action-Not Available
Vendor-tcpdf_projectn/a
Product-tcpdfn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found