cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-13373,https://securityvulnerability.io/vulnerability/CVE-2019-13373,SQL Injection in D-Link Central WiFi Manager CWM(100),"The D-Link Central WiFi Manager CWM(100) prior to version v1.03R0100_BETA6 contains a vulnerability that allows unauthenticated users to exploit the database through arbitrary SQL statements. This vulnerability exists due to the lack of proper input validation on the /web/Public/Conn.php parameter 'dbSQL', which can lead to unauthorized access, data manipulation, and potential data breaches. It is crucial for users to upgrade to the latest version to mitigate the risks associated with this flaw.",D-Link,Central Wifimanager,9.8,CRITICAL,0.4946900010108948,false,,false,false,false,,,false,false,,2019-07-06T23:15:00.000Z,0
CVE-2019-13374,https://securityvulnerability.io/vulnerability/CVE-2019-13374,Cross-Site Scripting Vulnerability in D-Link Central WiFi Manager,"A cross-site scripting vulnerability exists in the resource view component of the D-Link Central WiFi Manager. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the passcode parameter in the index.php/Pay/passcodeAuth request. Unpatched installations prior to version 1.03R0100_BETA6 are particularly at risk, making it essential for users to apply the available updates to mitigate potential attacks.",D-Link,Central Wifimanager,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2019-07-06T23:15:00.000Z,0
CVE-2019-13372,https://securityvulnerability.io/vulnerability/CVE-2019-13372,Remote Code Execution in D-Link Central WiFi Manager Affects Users,"The D-Link Central WiFi Manager (CWM(100)) prior to version v1.03R0100_BETA6 contains a significant vulnerability that enables remote attackers to execute arbitrary PHP code. This exploitation arises from a flaw in the handling of the username field within the cookie, which permits eval injection. Consequently, an attacker can exploit this weakness by submitting an empty password, thus bypassing standard authentication measures, enabling unauthorized access and control over the device.",D-Link,Central Wifimanager,9.8,CRITICAL,0.9534299969673157,false,,false,false,false,,,false,false,,2019-07-06T23:15:00.000Z,0
CVE-2019-13375,https://securityvulnerability.io/vulnerability/CVE-2019-13375,SQL Injection Vulnerability in D-Link Central WiFi Manager,"A SQL Injection vulnerability has been identified in D-Link Central WiFi Manager (CWM(100)), specifically in PayAction.class.php via the index.php/Pay/passcodeAuth parameter. This exploit allows an attacker to manipulate the SQL queries sent to the database, which can lead to unauthorized data exposure or alteration. No authentication is required, making this vulnerability particularly concerning for network security.",D-Link,Central Wifimanager,9.8,CRITICAL,0.005109999794512987,false,,false,false,false,,,false,false,,2019-07-06T23:15:00.000Z,0
CVE-2018-15517,https://securityvulnerability.io/vulnerability/CVE-2018-15517,,"The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.",D-Link,Central Wifimanager,8.6,HIGH,0.004139999859035015,false,,false,false,false,,,false,false,,2019-01-31T19:00:00.000Z,0
CVE-2018-15515,https://securityvulnerability.io/vulnerability/CVE-2018-15515,,"The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse ""quserex.dll"" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.",D-Link,Central Wifimanager,7.8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2019-01-31T19:00:00.000Z,0
CVE-2018-15516,https://securityvulnerability.io/vulnerability/CVE-2018-15516,,"The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.",D-Link,Central Wifimanager,5.8,MEDIUM,0.0026000000070780516,false,,false,false,false,,,false,false,,2019-01-31T19:00:00.000Z,0
CVE-2018-17443,https://securityvulnerability.io/vulnerability/CVE-2018-17443,,An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.,D-Link,Central Wifimanager,6.1,MEDIUM,0.01228999998420477,false,,false,false,false,,,false,false,,2018-10-08T16:00:00.000Z,0
CVE-2018-17442,https://securityvulnerability.io/vulnerability/CVE-2018-17442,,An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.,D-Link,Central Wifimanager,8.8,HIGH,0.0055599999614059925,false,,false,false,false,,,false,false,,2018-10-08T16:00:00.000Z,0
CVE-2018-17441,https://securityvulnerability.io/vulnerability/CVE-2018-17441,,An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.,D-Link,Central Wifimanager,6.1,MEDIUM,0.01228999998420477,false,,false,false,false,,,false,false,,2018-10-08T16:00:00.000Z,0
CVE-2018-17440,https://securityvulnerability.io/vulnerability/CVE-2018-17440,,"An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.",D-Link,Central Wifimanager,9.8,CRITICAL,0.00749000022187829,false,,false,false,false,,,false,false,,2018-10-08T16:00:00.000Z,0