ens 漏洞与 CVE 列表(7)

产品(CPE): — CVE 数: 7

ens 漏洞概览

汇总 ens 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 SQL 注入、跨站脚本、CSRF与路径处理缺陷,在 生产负载与软件部署 使用场景中可能带来 文件覆盖、会话劫持与数据泄露 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 177 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2018-19515 In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. [email protected] 9.8 2.91% 2019-03-21 2026-06-16
CVE-2018-19514 In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. [email protected] 9.8 4.93% 2019-03-21 2026-06-16
CVE-2018-19513 In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. [email protected] 7.5 2.12% 2019-03-21 2026-06-16
CVE-2018-19512 In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. [email protected] 7.2 7.23% 2019-03-21 2026-06-16
CVE-2018-19511 wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. [email protected] 6.5 0.73% 2019-03-21 2026-06-16
CVE-2018-19510 subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. [email protected] 9.8 19.99% 2019-03-21 2026-06-16
CVE-2018-19509 wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. [email protected] 6.1 1.06% 2019-03-21 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence