An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and...
7.5CVSS
7AI Score
0.001EPSS
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP...
8.8CVSS
8.6AI Score
0.001EPSS
OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account...
7.5CVSS
7.4AI Score
0.001EPSS
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at...
9.8CVSS
9.8AI Score
0.002EPSS
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at...
9.8CVSS
9.8AI Score
0.002EPSS
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than...
8.4AI Score
0.009EPSS
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack...
6AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than...
8.5AI Score
0.009EPSS