Every CVE whose affected-product data names Ens Webgalamb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-19510 — CVSS 9.8 (critical): subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
CVE-2018-19515 — CVSS 9.8 (critical): In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the…
CVE-2018-19514 — CVSS 9.8 (critical): In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation…
CVE-2018-19513 — CVSS 7.5 (high): In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log…
CVE-2018-19512 — CVSS 7.2 (high): In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by…
CVE-2018-19511 — CVSS 6.5 (medium): wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator…
CVE-2018-19509 — CVSS 6.1 (medium): wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual…