Sync EUVD catalog: Sun May 24 00:53:29 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/05/EUVD-2018-21862.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21862",
+  "enisaUuid": "cc8f01f5-4a39-3922-b8e5-a21402643b31",
+  "description": "Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names.",
+  "datePublished": "May 23, 2026, 6:30:44 PM",
+  "dateUpdated": "May 23, 2026, 6:30:44 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44823\nhttps://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website\nhttps://github.com/smakosh/Smartshop/archive/master.zip\nhttps://www.vulncheck.com/advisories/smartshop-1-sql-injection-via-product-php-id-parameter\n",
+  "aliases": "CVE-2018-25341\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "a6bb2896-14c9-3b2e-84c6-5a3963f5da42",
+      "product": {
+        "name": "Smartshop"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "ffb7f171-09c9-302c-8231-9f02662329c8",
+      "vendor": {
+        "name": "Behance"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21863.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21863",
+  "enisaUuid": "0ed642c1-ec2c-346c-a72a-818493ef7cde",
+  "description": "Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user.",
+  "datePublished": "May 23, 2026, 6:30:45 PM",
+  "dateUpdated": "May 23, 2026, 6:30:45 PM",
+  "baseScore": 5.3,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
+  "references": "https://www.exploit-db.com/exploits/44824\nhttps://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website\nhttps://github.com/smakosh/Smartshop/archive/master.zip\nhttps://www.vulncheck.com/advisories/smartshop-1-cross-site-request-forgery-via-editprofile-php\n",
+  "aliases": "CVE-2018-25343\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "58e25a4a-cdad-35e8-aa1c-a9ae968b990f",
+      "product": {
+        "name": "Smartshop"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "0a7bc786-52c6-35d6-ada0-587321acf7a0",
+      "vendor": {
+        "name": "Behance"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21864.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21864",
+  "enisaUuid": "40b0e25f-66b2-3a7a-b695-34d2ca417f75",
+  "description": "Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data.",
+  "datePublished": "May 23, 2026, 6:30:45 PM",
+  "dateUpdated": "May 23, 2026, 6:30:45 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44823\nhttps://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website\nhttps://github.com/smakosh/Smartshop/archive/master.zip\nhttps://www.vulncheck.com/advisories/smartshop-1-sql-injection-via-search-php\n",
+  "aliases": "CVE-2018-25342\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "273696dc-8faa-3371-81b0-04b2ee60ceb5",
+      "product": {
+        "name": "Smartshop"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "6be70f85-abca-3f1d-8841-c043e9977be3",
+      "vendor": {
+        "name": "Behance"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21865.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21865",
+  "enisaUuid": "4ef8184c-f4bc-3ec0-ab58-89ebde211ba7",
+  "description": "Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.",
+  "datePublished": "May 23, 2026, 6:30:43 PM",
+  "dateUpdated": "May 23, 2026, 6:30:43 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44823\nhttps://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website\nhttps://github.com/smakosh/Smartshop/archive/master.zip\nhttps://www.vulncheck.com/advisories/smartshop-1-sql-injection-via-category-php\n",
+  "aliases": "CVE-2018-25340\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "8b141cb5-34b2-3c0d-8d29-af49f14c0a40",
+      "product": {
+        "name": "Smartshop"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "d157a995-85b3-3954-aa3c-a6f3c6eb8f1a",
+      "vendor": {
+        "name": "Behance"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21866.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21866",
+  "enisaUuid": "3b851b1b-ff45-3df4-801e-0258b3fbae7a",
+  "description": "WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.",
+  "datePublished": "May 23, 2026, 6:30:48 PM",
+  "dateUpdated": "May 23, 2026, 6:30:48 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44853\nhttps://www.vulncheck.com/advisories/wordpress-form-maker-plugin-sql-injection-via-admin-ajax-php\n",
+  "aliases": "CVE-2018-25346\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "6122086c-51cd-340f-8f0c-81fd76e28fb7",
+      "product": {
+        "name": "Form Maker"
+      },
+      "product_version": "0 \u22641.12.24"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "fcefde85-d684-372c-b0c6-a42f81a43fe5",
+      "vendor": {
+        "name": "10web"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21867.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21867",
+  "enisaUuid": "07e8b26f-d72b-32ba-b3b5-f2ed8aa6e787",
+  "description": "10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.",
+  "datePublished": "May 23, 2026, 6:30:47 PM",
+  "dateUpdated": "May 23, 2026, 6:30:47 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44841\nhttps://www.10-strike.com/\nhttps://www.vulncheck.com/advisories/10-strike-network-scanner-local-buffer-overflow-seh\n",
+  "aliases": "CVE-2018-25345\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "b5771530-f15c-39e2-85af-fc7322f79e05",
+      "product": {
+        "name": "Network Scanner"
+      },
+      "product_version": "3.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "2eaab8da-d603-332b-9d6c-4585c8c2b6c2",
+      "vendor": {
+        "name": "10-Strike"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21868.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21868",
+  "enisaUuid": "308b12c6-8b9c-3734-a1cf-af81032d246c",
+  "description": "10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.",
+  "datePublished": "May 23, 2026, 6:30:46 PM",
+  "dateUpdated": "May 23, 2026, 6:30:46 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44840\nhttps://www.10-strike.com/\nhttps://www.vulncheck.com/advisories/10-strike-network-inventory-explorer-buffer-overflow-seh\n",
+  "aliases": "CVE-2018-25344\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "fce6f73b-b78a-3f21-87ec-6b23ca759a77",
+      "product": {
+        "name": "Network Inventory Explorer"
+      },
+      "product_version": "8.54"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "75f2118c-75ff-3e95-863e-9375634f82f0",
+      "vendor": {
+        "name": "10-Strike"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21869.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21869",
+  "enisaUuid": "82855e34-2d34-38f3-9b3d-075082ef7760",
+  "description": "userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page.",
+  "datePublished": "May 23, 2026, 6:30:50 PM",
+  "dateUpdated": "May 23, 2026, 6:30:50 PM",
+  "baseScore": 5.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44871\nhttps://www.vulncheck.com/advisories/userspice-cross-site-scripting-via-x-forwarded-for-header\n",
+  "aliases": "CVE-2018-25349\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "0bbb0492-1360-34c1-ae38-27afef219b5a",
+      "product": {
+        "name": "userSpice"
+      },
+      "product_version": "4.3.24"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "5a52b982-92cd-3a4e-819d-f846d133f4e0",
+      "vendor": {
+        "name": "UserSpice"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21870.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21870",
+  "enisaUuid": "881a9356-cc2d-3732-8b35-f8135e7a81a8",
+  "description": "Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.",
+  "datePublished": "May 23, 2026, 6:30:49 PM",
+  "dateUpdated": "May 23, 2026, 6:30:49 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44869\nhttps://www.joomlaextensions.co.in/\nhttps://extensions.joomla.org/extension/ek-rishta/\nhttps://www.vulncheck.com/advisories/joomla-component-ek-rishta-sql-injection-via-user-detail\n",
+  "aliases": "CVE-2018-25348\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "63b690b8-1466-3382-9f2f-140969351144",
+      "product": {
+        "name": "Ek Rishta"
+      },
+      "product_version": "2.10"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "713ab62b-01a5-3c3c-9ddf-28486aa171ce",
+      "vendor": {
+        "name": "harmistechnology"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21871.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21871",
+  "enisaUuid": "8209ce07-3ffc-3489-a356-a58f013973f1",
+  "description": "WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.",
+  "datePublished": "May 23, 2026, 6:30:48 PM",
+  "dateUpdated": "May 23, 2026, 6:30:48 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/44854\nhttps://wordpress.org/plugins/contact-form-maker/\nhttps://www.vulncheck.com/advisories/wordpress-contact-form-maker-plugin-sql-injection\n",
+  "aliases": "CVE-2018-25347\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "ce4b2a68-7007-3bc3-9559-344f2e65f828",
+      "product": {
+        "name": "Contact Form Maker"
+      },
+      "product_version": "0 \u22641.12.20"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "ebd517ec-515c-3aa2-9380-b00510b7f69f",
+      "vendor": {
+        "name": "Web-Dorado"
+      }
+    }
+  ]
+}