Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

DefaultFuction

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2026-5333
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 49.15%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 13:30
Updated-07 Apr, 2026 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DefaultFuction Content-Management-System tools.php command injection

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-defaultfuctionDefaultFuction
Product-content_management_systemContent-Management-System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-4623
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 01:39
Updated-24 Mar, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue.

Action-Not Available
Vendor-DefaultFuction
Product-Jeson-Customer-Relationship-Management-System
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-3616
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.93%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 01:32
Updated-09 Mar, 2026 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DefaultFuction Jeson Customer Relationship Management System edit.php sql injection

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.

Action-Not Available
Vendor-DefaultFuction
Product-Jeson Customer Relationship Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')