彙總 ens 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 SQL 注入、跨站腳本、CSRF與路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 檔案覆寫、工作階段劫持與資料外洩 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2018-19515 | In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | [email protected] | 9.8 | 2.91% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19514 | In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. | [email protected] | 9.8 | 4.93% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19513 | In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | [email protected] | 7.5 | 2.12% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19512 | In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | [email protected] | 7.2 | 7.36% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19511 | wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. | [email protected] | 6.5 | 0.73% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19510 | subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | [email protected] | 9.8 | 19.99% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19509 | wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | [email protected] | 6.1 | 1.06% | 2019-03-21 | 2026-06-16 |