Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-917
Total 170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15146 1 Sylius 1 Syliusresourcebundle 2024-11-21 6.5 MEDIUM 9.6 CRITICAL
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
CVE-2020-15143 1 Sylius 1 Syliusresourcebundle 2024-11-21 6.5 MEDIUM 7.7 HIGH
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
CVE-2019-9041 1 Zzzcms 1 Zzzphp 2024-11-21 6.5 MEDIUM 7.2 HIGH
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
CVE-2019-7743 1 Joomla 1 Joomla\! 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.
CVE-2019-5916 1 D-circle 1 Power Egg 2024-11-21 7.5 HIGH 9.8 CRITICAL
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.
CVE-2019-5389 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5388 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5387 1 Hp 1 Intelligent Management Center 2024-11-21 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5386 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5385 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5384 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5383 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5382 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5381 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5380 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5379 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5378 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5377 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5373 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-5372 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.