CWE-473
4 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-473page 1 of 1
- CVE-2023-36844MEDIUMCVSS 5.3EG 9.0⚠ KEV2023-08-17
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attack…
- CVE-2023-36845CRITICALCVSS 9.8EG 9.8⚠ KEV2023-08-17
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the va…
- CVE-2024-27489HIGHCVSS 7.5EG 7.52024-07-19
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
- CVE-2026-40285HIGHCVSS 8.8EG 8.82026-04-17
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_RE…
Map vulnerabilities like CWE-473 to your infrastructure
EchelonGraph correlates every CVE — across CWE-473 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →