unh3x/unh3x.github.io

unh3x/unh3x.github.io

Releases2

Frequency1 month 4 weeks

Last Release about 9 years ago

A minimal Jekyll theme.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-13372 ↗	Jul 6, 2019Saturday, 6 July 2019, 23:15	9.8 CRITICAL	7.5 HIGH
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
CVE-2019-13373 ↗	Jul 6, 2019Saturday, 6 July 2019, 23:15	—	7.5 HIGH
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
CVE-2019-13374 ↗	Jul 6, 2019Saturday, 6 July 2019, 23:15	—	4.3 MEDIUM
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
CVE-2019-13375 ↗	Jul 6, 2019Saturday, 6 July 2019, 23:15	—	7.5 HIGH
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.