Category: CVE Validated

CVE-2012-1248 (basercms)

app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different...


CVE-2016-4074 (jq)

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.


CVE-2018-15139 (openemr)

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images...
