9 matches found
OpenSID Arbitrary File Upload Vulnerability
OpenSID is a village information management system developed by the SID community. An arbitrary file upload vulnerability exists in OpenSID version 18.06-pasca. An attacker can exploit this vulnerability to upload arbitrary PHP code with the help of an attached document in the article function...
Cross site scripting
OpenSID 18.06-pasca has reflected Cross Site Scripting XSS via the cari parameter, aka an index.php/first?cari= URI...
Cross site request forgery (csrf)
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13039
OpenSID 18.06-pasca has reflected Cross Site Scripting XSS via the cari parameter, aka an index.php/first?cari= URI...
CVE-2018-13039
OpenSID 18.06-pasca has reflected Cross Site Scripting XSS via the cari parameter, aka an index.php/first?cari= URI...
CVE-2018-13038
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...
CVE-2018-13039
OpenSID 18.06-pasca is affected by CVE-2018-13039: a reflected Cross Site Scripting (XSS) vulnerability in the cari parameter, exploitable via index.php/first?cari=. CNVD/CNVD-2018-13871, NVD CVE-2018-13039 and related records describe that a remote attacker can inject script/HTML to access user ...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...