Vulnerabilities > ENS > Webgalamb > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2018-19510 | SQL Injection vulnerability in ENS Webgalamb 6.0/7.0 subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | 9.8 |
| 2019-03-21 | CVE-2018-19514 | Unrestricted Upload of File with Dangerous Type vulnerability in ENS Webgalamb 6.0/7.0 In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. | 9.8 |
| 2019-03-21 | CVE-2018-19515 | Incorrect Authorization vulnerability in ENS Webgalamb 6.0/7.0 In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. | 9.8 |