Emlsoft Project Emlsoft — known CVE vulnerabilities
Every CVE whose affected-product data names Emlsoft Project Emlsoft, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2018-14968 — CVSS 9.8 (critical): An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter.
CVE-2018-14965 — CVSS 8.8 (high): An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF.
CVE-2018-14966 — CVSS 8.8 (high): An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF.
CVE-2018-14967 — CVSS 8.8 (high): An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter.
CVE-2018-14964 — CVSS 5.4 (medium): An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page.